I am have extreme problems with adding security to the web dashboard. I am trying to set up security for a bunch of web app projects. Everything works with no security enabled.

The security i want is fairly simple. 2 roles “Releasers” and “Testers”, releasers can do anything, testsers can force build the test deployment project and only view the rest of the projects which all upgrade the live installations. However I just can’t get it to work. As a start i think i have just allowed everything for everyone and i get a few differnt problem depending on how i set up various things. In all cases the config file validates with the validator util.

Server Config

 <internalSecurity>    
    <users>
      <ldapUser name="ccnet" domain="localhost" />
      <passwordUser name="ccnetadmin" password="NotTheRealPW" />      
    </users>
    <permissions>
      <rolePermission name="Releasers" defaultRight="Allow">
        <users>
          <userName name="ccnetadmin"/>
        </users>
      </rolePermission>
      <rolePermission name="Testers" defaultRight="Allow">
        <users>
          <userName name="ccnet"/>
        </users>
      </rolePermission>
    </permissions>
  </internalSecurity>

Project Security

<security type="defaultProjectSecurity" defaultRight="Inherit">
      <permissions>
        <rolePermission name="Testers" ref="Testers"/>
        <rolePermission name="Releasers" ref="Releasers"/>        
      </permissions>
    </security>

Dashboard.config

There are 3 things that are not clear from the documentation.

• What kind of authentication needs to be set up in IIS.
• What kind of users do i need to set up in the ccnet.config server
  security section.
• In the dashboard config what do i need in the <securityPlugins> section.

I have tried forms and windows integrated in the web.config and in iis. With forms it essentially complains that there is no login.aspx, which there isn’t so i suspect that this is correct. With windows integrated i can access the dashboard. Any projects that have no security element i can see in the list but any action result in a security exception saying i don’t have the ViewProject permission. Any projects that have the security element simply don’t show in the list. I get the same behaviour whichever user type i use simpleUser, passwordUser or ldapUser. I cannot find anywhere that mentions any other value that i can put in the securityPlugins section other than simpleSecurity, are there any other values and if so what are they.

I have searched this documentation and i cannot find any answers to any of these questions.

EDIT

Whoever can suggest a what i can achieve the below goal gets the bounty, even if it is a totally different way than i have described above.

I want a set of users who can view all CC.net projects and force build 1 specific project. I want another set of users who can view and force build all projects. I want it to be with one single cc.net dashboard, one config file, but with different user accounts.

EDIT 2

As the bounty is running out soon i will also give it so anyone that can offer some kind of compelling evidence that the security in cc.net does not work, so at least i know not to waste my time on it any longer. Also I have tried to log an issue or post to the cc.net forum about this but they seem to have transitioned to a new system and that doesn’t work seem to work either, it simply won’t let you sign up for a user account, it requires email verification but the email never comes through.