So with FlexWiki 2.0, it's as designed to allow anonymous users to change the
Wiki's config, such as namespaces and even the raw configuration?

 

Shannon

 

From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of John
Davidson
Sent: Tuesday, February 12, 2008 9:59 AM
To: FlexWiki Users Mailing List
Subject: Re: [Flexwiki-users] [SPAM-LOW] Re: Forms Based Authentication

 

So when you have the flexwiki.config file with the 'ManageNamespace'
permission set only to 'role:WikiAdministrators' and log in as a user who
has that role, do you see the 'Lock Topic' button and link?

 

If you do then role-based permissions are working correctly. 

 

Then to lock down the Admin page I would edit _NormalBorders (the
LeftBorder: property) so that what is now:

 

MenuItem("Show Main FlexWiki Administration Page", "Administration Page",
    federation.LinkMaker.SimpleLinkTo("admin/default.aspx")),
namespace.HasManageNamespacePermission.IfTrueIfFalse
({
[
    MenuItem("Show Topic Lock Management Page", "Topic Locks",
        federation.LinkMaker.SimpleLinkTo("admin/TopicLocks.aspx")),

 

becomes

 

namespace.HasManageNamespacePermission.IfTrueIfFalse
({
[
    MenuItem("Show Topic Lock Management Page", "Topic Locks",
        federation.LinkMaker.SimpleLinkTo("admin/TopicLocks.aspx")),
    MenuItem("Show Main FlexWiki Administration Page", "Administration Page",
        federation.LinkMaker.SimpleLinkTo("admin/default.aspx")),

 

This is not an absolute permission block (more security via obscurity, as
the user would not see the link but could still access the pages by
creating the link manually). If this is a real problem, please submit a
feature request to manage Admin features when using Forms management.

 

John Davidson
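
The menu change above only hides the link. As an added example (not part of the original thread and not FlexWiki's own configuration), standard ASP.NET URL authorization can enforce the same role check on the server side. It assumes the admin pages sit in an admin folder under the application root, as the links admin/default.aspx and admin/TopicLocks.aspx suggest, and that Forms authentication and a role provider supplying the WikiAdministrators role are already configured.

```xml
<!-- web.config fragment (added example, merge into the existing
     <configuration> element). Assumes the admin pages are served by ASP.NET
     from the admin/ folder and that the role provider is already set up. -->
<configuration>
  <!-- Applies to every ASP.NET request under admin/, including
       admin/default.aspx and admin/TopicLocks.aspx. -->
  <location path="admin">
    <system.web>
      <authorization>
        <!-- Rules are evaluated top to bottom; the first match wins. -->
        <allow roles="WikiAdministrators" />
        <!-- Everyone else, anonymous or authenticated, is refused. -->
        <deny users="*" />
      </authorization>
    </system.web>
  </location>
</configuration>
```

With Forms authentication, a refused request is redirected to the configured login page, so a manually typed admin URL no longer reaches the page without the role.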

 

 

 

On Feb 12, 2008 9:32 AM, Shannon Ma <[EMAIL PROTECTED]> wrote:

Scratch the first part, I added my AspNetSqlRoleProvider to the roleManager
tag.  Now if I can only lock down the Admin page with forms auth :)

 

Shannon

 

From: Shannon Ma [mailto:[EMAIL PROTECTED] 
Sent: Tuesday, February 12, 2008 9:13 AM


To: 'FlexWiki Users Mailing List'

Subject: RE: [Flexwiki-users] [SPAM-LOW] Re: Forms Based Authentication

 

Thanks John. Hard-coding the username works.

 

Do I have to add any providers to the role manager tag?  It's attempting to
connect to a local SQL Express database.

 

Also, how would you recommend locking down the Admin page with forms
authentication?  I don't think I can lock it down with Windows permissions.

 

Thanks again!

 

 
