ASP Net - Role-based security: Access the role of current user

 
08-23-2003, 12:56 PM   #1


I have implemented role-based security within my ASP.Net application.
However, it seems the role is not passed to the authentication ticket I
create.

I want to use it to display/hide some content based on the user's role. I
wrote this to do it:

if (HttpContext.Current.User.Identity.IsAuthenticated)
{
    plLoggedIn.Visible = true;
    liFirstName.Text = HttpContext.Current.User.Identity.Name;
    // This condition is causing me problems.
    // The condition always returns false, and hence writes
    // "user" regardless of what I log on as.
    if (HttpContext.Current.User.IsInRole("Administrator"))
    {
        liUserRole.Text = "administrator";
    }
    else
    {
        liUserRole.Text = "user";
    }
}
else
{
    plLogin.Visible = true; // if not logged in, show login-form
}

I create my ticket as:

FormsAuthenticationTicket oTicket = new FormsAuthenticationTicket(
    1,
    txtUserName.Text, //user name from form
    DateTime.Now,
    DateTime.Now.AddMinutes(30),
    false, //deletes cookie when closing browser session.
    oData.GetString(0), //Data from db with value either "Administrator"
                        //or "User"
    FormsAuthentication.FormsCookiePath
);

In my global.asax I added the code:

if (HttpContext.Current.User != null)
{
    if (HttpContext.Current.User.Identity.IsAuthenticated)
    {
        if (HttpContext.Current.User.Identity is FormsIdentity)
        {
            FormsIdentity id =
                (FormsIdentity)HttpContext.Current.User.Identity;
            FormsAuthenticationTicket ticket = id.Ticket;
            // Get the stored user-data, in this case, the
            string userData = ticket.UserData; //Should contain e.g. "User"
            string[] roles = userData.Split(',');
            HttpContext.Current.User = new GenericPrincipal(id, roles);
        }
    }
}

It seems the ticket is created well enough - at least it is possible to
extract the username with User.Identity.Name, but the role passed as
userData above seems to be empty.

Is there any way to see what the role of a current user is - without
doing an explicit match like

User.IsInRole("<some role name>")

I would like to be able to do something similar to

someLabel.Text = "Your role is: " + User.Identity.Role();

.... but I cannot find the right way to do it.

I know this is a lot of code, but can any of you see where I am missing
something?

Thanks,

--
Jesper Stocholm - http://stocholm.dk
Copenhagen, Denmark


08-23-2003, 03:14 PM   #2
Jesper Stocholm
Re: Role-based security: Access the role of current user
John Saunders wrote :

> Jesper,
>
> I don't see anything wrong in your code.
>
> Have you checked in the debugger to see that the role is always
> present in global.asax?


Ehm - how do I do this? My application is not compiled to a complete dll
using codebehind, but each .aspx.cs-file is compiled (initially) at
runtime.

> Another experiment might be to create your
> GenericPrincipal with a new Identity, just to see if this new Identity
> makes it as far as the Page_Load of one of your pages.


I will try that. It seems there is no problem with the userdata contained
in my ticket, since I am able to write oTicket.UserData to the page and
get e.g. "Administrator". Also, Page.User.Current.Identity.Name is
available - just not the role.

Thanks for your time - I must admit that I am a bit lost with this
problem, so any help is appreciated.


--
Jesper Stocholm - http://stocholm.dk
Copenhagen, Denmark


08-23-2003, 07:59 PM   #3
John Saunders
Re: Role-based security: Access the role of current user
"Jesper Stocholm" <> wrote in message
news:Xns93E0A5C86B133stocholmdk@130.226.1.34...
> John Saunders wrote :
>
> > Jesper,
> >
> > I don't see anything wrong in your code.
> >
> > Have you checked in the debugger to see that the role is always
> > present in global.asax?

>
> Ehm - how do I do this? My application is not compiled to a complete dll
> using codebehind, but each .aspx.cs-file is compiled (initially) at
> runtime.


I don't know how you debug code except in codebehind. You could use
Page.Trace.Write, but I always use codebehind, so I don't know of any other
way. Try writing out the role in global.asax.

> > Another experiment might be to create your
> > GenericPrincipal with a new Identity, just to see if this new Identity
> > makes it as far as the Page_Load of one of your pages.

>
> I will try that. It seems there is no problem with the userdata contained
> in my ticket, since I am able to write oTicket.UserData to the page and
> get e.g. "Administrator".


When do you write it out? In global.asax? The question isn't whether it's
correct on your login page, but whether it's correct later in global.asax on
subsequent page requests.

> Also, Page.User.Current.Identity.Name is
> available - just not the role.


Correct. The roles are only available via IsInRole.
--
John Saunders
Internet Engineer
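
The principal wiring discussed in this thread, as an added example that is not part of any poster's message: a GenericPrincipal subclass that keeps the role list so a page can display it instead of probing with IsInRole. TicketPrincipal, RoleTicket and its method names are hypothetical; the roles are assumed to be a comma-separated list stored in the ticket's UserData, as in the first post.

```csharp
using System;
using System.Security.Principal;
using System.Web;
using System.Web.Security;

// Hypothetical principal: GenericPrincipal answers IsInRole but does not
// expose its role list, so keep a copy that pages can read.
public class TicketPrincipal : GenericPrincipal
{
    private readonly string[] roles;
    public TicketPrincipal(IIdentity id, string[] roles) : base(id, roles)
    {
        this.roles = (string[])roles.Clone();
    }
    public string[] Roles { get { return (string[])roles.Clone(); } }
}

public static class RoleTicket   // hypothetical helper class
{
    // Login page: encrypt the ticket into the forms-authentication cookie
    // so that UserData travels with later requests.
    public static void Issue(HttpResponse response, string userName, string rolesCsv)
    {
        FormsAuthenticationTicket ticket = new FormsAuthenticationTicket(
            1, userName, DateTime.Now, DateTime.Now.AddMinutes(30),
            false, rolesCsv, FormsAuthentication.FormsCookiePath);
        HttpCookie cookie = new HttpCookie(
            FormsAuthentication.FormsCookieName, FormsAuthentication.Encrypt(ticket));
        cookie.Path = FormsAuthentication.FormsCookiePath;
        cookie.HttpOnly = true;                          // not readable from script
        cookie.Secure = FormsAuthentication.RequireSSL;  // follow web.config setting
        response.Cookies.Add(cookie);
    }

    // global.asax: replace the role-less principal on every request.
    public static void Attach(HttpContext context)
    {
        FormsIdentity id = context.User == null ? null : context.User.Identity as FormsIdentity;
        if (id == null || !id.IsAuthenticated) return;
        string[] roles = id.Ticket.UserData.Split(
            new char[] { ',' }, StringSplitOptions.RemoveEmptyEntries);
        context.User = new TicketPrincipal(id, roles);
    }

    // Page: HTML-encoded text for a label such as liUserRole.
    public static string Describe(IPrincipal user)
    {
        TicketPrincipal p = user as TicketPrincipal;
        return HttpUtility.HtmlEncode(p == null ? "(no roles)" : string.Join(", ", p.Roles));
    }
}
```

Call RoleTicket.Attach(Context) from Application_AuthenticateRequest in global.asax; by then FormsAuthenticationModule has validated and decrypted the cookie, so the roles come from the protected ticket rather than from request input.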




