brajesh1
May 24th, 2006, 07:55 AM
Hello
I am trying to implement role-based authentication. I have fetched the records (roles) from a database table. I have the following code in the Application_AuthenticateRequest method in the global.asax file.
If Request.IsAuthenticated Then
    ' Every authenticated user receives the same four hard-coded roles
    Dim arrRoles() As String = {"admin", "mes", "vendor", "customer"}
    Context.User = New System.Security.Principal.GenericPrincipal(User.Identity, arrRoles)
End If
In the login button click handler, after checking the user credentials, I have written the following code:
Dim arrRoles As New ArrayList()
Dim k As Integer
k = -1
' One row per role; a new ticket and cookie are issued for every row read
While dr1.Read()
    k = k + 1
    arrRoles.Add(dr1("userrole"))
    ticket = New FormsAuthenticationTicket(1, DropDownList4.SelectedValue.ToString(), DateTime.Now, DateTime.Now.AddMinutes(30), True, dr1.GetString(0), FormsAuthentication.FormsCookiePath)
    hash = FormsAuthentication.Encrypt(ticket)
    cookie = New HttpCookie(FormsAuthentication.FormsCookieName, hash)
    'cookie.Name
    If (ticket.IsPersistent) Then
        cookie.Expires = ticket.Expiration
    End If
    Response.Cookies.Add(cookie)
    returnurl = Request.QueryString("ReturnUrl")
    If (IsDBNull(returnurl) = True) Then
        returnurl = "/"
        Response.Redirect("login.aspx")
    End If
End While
strRoles = arrRoles.ToArray(GetType(String))
Dim objPrincipal As GenericPrincipal = New GenericPrincipal(objIdentity, strRoles)
' The principal is set on the current thread, for this request only
System.Threading.Thread.CurrentPrincipal = objPrincipal
If (Threading.Thread.CurrentPrincipal.IsInRole("admin")) Then
    Server.Transfer(DropDownList3.SelectedValue.ToString() + "/default.aspx")
Else
    status.Text = "Not Authorized"
End If
This code transfers control to the appropriate directory, but the issue is that it does not support control events like DropDownList SelectedIndexChanged, Button Click, etc. It displays the ugly page with the message 'Page cannot be displayed'.
I have made the required changes in the web.config files and tried several options with no success at all. If I make the authorization attribute <deny users="*"/>, it gives the issues described above.
On the other hand, if I set <deny users="?"/>, it works fine, i.e. page and control events work fine, but the user can move to any file in the protected directory by giving the URL in the address bar, which was not possible in the <deny users="*"/> case.
I will be thankful to anybody who can help me recover from this tricky situation.
brajesh sharma
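
Added example, not part of the original post: one common way to make role rules hold on every request (postbacks and typed-in URLs included) is to carry the user's roles in the forms ticket's UserData and rebuild the principal in Application_AuthenticateRequest, so the directory can use an allow-roles rule ahead of `<deny users="*"/>`. The class name `Global_asax`, the helper `IssueTicket`, and the `|` separator are assumptions made for this sketch.

```vbnet
' Global.asax.vb (added example; Global_asax, IssueTicket and "|" are assumed names)
Imports System
Imports System.Security.Principal
Imports System.Web
Imports System.Web.Security

Public Class Global_asax
    Inherits HttpApplication

    ' Runs on every request, before URL authorization is evaluated, so the
    ' roles must be recoverable from the request itself rather than from a
    ' Thread.CurrentPrincipal that was set once in the login click handler.
    Protected Sub Application_AuthenticateRequest(ByVal sender As Object, ByVal e As EventArgs)
        Dim ctx As HttpContext = HttpContext.Current
        If ctx.User Is Nothing OrElse Not ctx.User.Identity.IsAuthenticated Then Return
        Dim id As FormsIdentity = TryCast(ctx.User.Identity, FormsIdentity)
        If id Is Nothing Then Return

        ' UserData travels inside the ticket, which is encrypted and validated
        ' under the default protection="All" setting of the <forms> element.
        Dim roles() As String = id.Ticket.UserData.Split( _
            New Char() {"|"c}, StringSplitOptions.RemoveEmptyEntries)
        ctx.User = New GenericPrincipal(id, roles)
    End Sub

    ' Call once from the login handler, after credentials are verified and
    ' all of the user's role rows have been read from the database.
    Public Shared Sub IssueTicket(ByVal userName As String, ByVal roles() As String)
        Dim ticket As New FormsAuthenticationTicket(1, userName, DateTime.Now, _
            DateTime.Now.AddMinutes(30), False, String.Join("|", roles), _
            FormsAuthentication.FormsCookiePath)
        Dim cookie As New HttpCookie(FormsAuthentication.FormsCookieName, FormsAuthentication.Encrypt(ticket))
        cookie.HttpOnly = True
        HttpContext.Current.Response.Cookies.Add(cookie)
    End Sub
End Class

' web.config placed in the protected directory. Rules are checked top-down
' and the first match wins: <deny users="*"/> alone rejects every user,
' <deny users="?"/> alone rejects only anonymous users.
'   <authorization>
'     <allow roles="admin" />
'     <deny users="*" />
'   </authorization>
```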