Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Programming > ASP .Net > ASP .Net Security > User.IsInRole not redirecting

Reply
Thread Tools

User.IsInRole not redirecting

 
 
Bob Erwin
Guest
Posts: n/a
 
      11-21-2003
Hi there,

I have been reading up on Authorization and role based security for a couple
of days now, and am trying to implement this in my applications.

I'm having a problem with my roles being reconized by using the
user.isinrole("test") on the redirected page after the Login.

for instance, here is my code after I log into the page:


Dim test() As String = {"OEM", "test"}
HttpContext.Current.User = New GenericPrincipal(User.Identity, test)
FormsAuthentication.RedirectFromLoginPage(txtUsern ame.Text, False)

At this point if I break at the formsAuthentication.....I watch the
User.isinrole("test") it shows up true, however, when I get redirected to
the webform1.aspx page and also watch user.isinrole("test") then it is
false.

I'm really confused on what I need to do...I've tried the
Threading.currentprincipal = new genericPrincipal(User.Identity, test) and
that didn't work as well. The User.identity.isauthenticated does come over
and also the User.identity.name comes over, it is just the
user.isinrole("test") that does not come over.

Any thoughts?

You help is greatly appreciated...

Thanks,
Bob


 
Reply With Quote
 
 
 
 
Paul Glavich
Guest
Posts: n/a
 
      11-22-2003
You need to associate your principal with associated roles for each request
that comes in. Once you have authenticated and redirected, typically all
that will be passed along (automatically that is) is that the user has been
authenticated. A common way of carrying the roles across multiple requests
is, once authenticated, store the roles in the cookie that is issued to the
client. Each request that comes in (via the Application_AuthenticateRequest
event in Global.asax), you extract the roles, create your generic principal
with the extracted roles, and associate that generic principal wih the
current context . When doing this, you should also remember to encrypt the
cookie.

--
- Paul Glavich


"Bob Erwin" <(E-Mail Removed)> wrote in message
news:#(E-Mail Removed)...
> Hi there,
>
> I have been reading up on Authorization and role based security for a

couple
> of days now, and am trying to implement this in my applications.
>
> I'm having a problem with my roles being reconized by using the
> user.isinrole("test") on the redirected page after the Login.
>
> for instance, here is my code after I log into the page:
>
>
> Dim test() As String = {"OEM", "test"}
> HttpContext.Current.User = New GenericPrincipal(User.Identity, test)
> FormsAuthentication.RedirectFromLoginPage(txtUsern ame.Text, False)
>
> At this point if I break at the formsAuthentication.....I watch the
> User.isinrole("test") it shows up true, however, when I get redirected to
> the webform1.aspx page and also watch user.isinrole("test") then it is
> false.
>
> I'm really confused on what I need to do...I've tried the
> Threading.currentprincipal = new genericPrincipal(User.Identity, test) and
> that didn't work as well. The User.identity.isauthenticated does come

over
> and also the User.identity.name comes over, it is just the
> user.isinrole("test") that does not come over.
>
> Any thoughts?
>
> You help is greatly appreciated...
>
> Thanks,
> Bob
>
>



 
Reply With Quote
 
 
 
 
Bob Erwin
Guest
Posts: n/a
 
      12-01-2003
Hey Paul,

Thanks for the response. I still have a question with this though. Yes you
are correct that the authenticated user info is passed along automatically
for me. So are you saying that Generic Principals assocated with that
identity are *not* passed? Does that mean that I need to create a new
generic principal and populate it each time I re-direct to a new page?

Thanks,
Bob

"Paul Glavich" <(E-Mail Removed)-NOSPAM> wrote in message
news:(E-Mail Removed)...
> You need to associate your principal with associated roles for each

request
> that comes in. Once you have authenticated and redirected, typically all
> that will be passed along (automatically that is) is that the user has

been
> authenticated. A common way of carrying the roles across multiple requests
> is, once authenticated, store the roles in the cookie that is issued to

the
> client. Each request that comes in (via the

Application_AuthenticateRequest
> event in Global.asax), you extract the roles, create your generic

principal
> with the extracted roles, and associate that generic principal wih the
> current context . When doing this, you should also remember to encrypt the
> cookie.
>
> --
> - Paul Glavich
>
>
> "Bob Erwin" <(E-Mail Removed)> wrote in message
> news:#(E-Mail Removed)...
> > Hi there,
> >
> > I have been reading up on Authorization and role based security for a

> couple
> > of days now, and am trying to implement this in my applications.
> >
> > I'm having a problem with my roles being reconized by using the
> > user.isinrole("test") on the redirected page after the Login.
> >
> > for instance, here is my code after I log into the page:
> >
> >
> > Dim test() As String = {"OEM", "test"}
> > HttpContext.Current.User = New GenericPrincipal(User.Identity, test)
> > FormsAuthentication.RedirectFromLoginPage(txtUsern ame.Text, False)
> >
> > At this point if I break at the formsAuthentication.....I watch the
> > User.isinrole("test") it shows up true, however, when I get redirected

to
> > the webform1.aspx page and also watch user.isinrole("test") then it is
> > false.
> >
> > I'm really confused on what I need to do...I've tried the
> > Threading.currentprincipal = new genericPrincipal(User.Identity, test)

and
> > that didn't work as well. The User.identity.isauthenticated does come

> over
> > and also the User.identity.name comes over, it is just the
> > user.isinrole("test") that does not come over.
> >
> > Any thoughts?
> >
> > You help is greatly appreciated...
> >
> > Thanks,
> > Bob
> >
> >

>
>



 
Reply With Quote
 
Bob Erwin
Guest
Posts: n/a
 
      12-02-2003
Hey,

NeverMind on my last post. I was able to get this working based on the
information you had provided.

Just for those who are trying to do the same thing, I referenced:
http://www.codeproject.com/aspnet/formsroleauth.asp as well as other Deja
Articles.

And here is my code below:
'in my login button code
.........
Dim AuthTicket = New FormsAuthenticationTicket(1, oUserInfo.EmailAddress,
DateTime.Now, DateTime.Now.AddMinutes(30), False, oUserInfo.UserRoles,
FormsAuthentication.FormsCookiePath)
Dim hash As String = FormsAuthentication.Encrypt(AuthTicket)
Dim cookie As New HttpCookie(FormsAuthentication.FormsCookieName, hash)
Response.Cookies.Add(cookie)
Response.Redirect(FormsAuthentication.GetRedirectU rl(oUserInfo.EmailAddress,
False), False)
end sub

Sub Application_AuthenticateRequest(ByVal sender As Object, ByVal e As
EventArgs)
' Fires upon attempting to authenticate the use
If Request.IsAuthenticated Then
If User.Identity.IsAuthenticated Then
Dim id As FormsIdentity
id = HttpContext.Current.User.Identity
Dim AuthTicket As FormsAuthenticationTicket
AuthTicket = id.Ticket
Dim roles As String = AuthTicket.UserData
Dim RoleArray As String()
RoleArray = Split(roles, "|")
HttpContext.Current.User = New
GenericPrincipal(User.Identity, RoleArray)
End If
End If
End Sub

Thanks for your help...

Bob

"Paul Glavich" <(E-Mail Removed)-NOSPAM> wrote in message
news:(E-Mail Removed)...
> You need to associate your principal with associated roles for each

request
> that comes in. Once you have authenticated and redirected, typically all
> that will be passed along (automatically that is) is that the user has

been
> authenticated. A common way of carrying the roles across multiple requests
> is, once authenticated, store the roles in the cookie that is issued to

the
> client. Each request that comes in (via the

Application_AuthenticateRequest
> event in Global.asax), you extract the roles, create your generic

principal
> with the extracted roles, and associate that generic principal wih the
> current context . When doing this, you should also remember to encrypt the
> cookie.
>
> --
> - Paul Glavich
>
>
> "Bob Erwin" <(E-Mail Removed)> wrote in message
> news:#(E-Mail Removed)...
> > Hi there,
> >
> > I have been reading up on Authorization and role based security for a

> couple
> > of days now, and am trying to implement this in my applications.
> >
> > I'm having a problem with my roles being reconized by using the
> > user.isinrole("test") on the redirected page after the Login.
> >
> > for instance, here is my code after I log into the page:
> >
> >
> > Dim test() As String = {"OEM", "test"}
> > HttpContext.Current.User = New GenericPrincipal(User.Identity, test)
> > FormsAuthentication.RedirectFromLoginPage(txtUsern ame.Text, False)
> >
> > At this point if I break at the formsAuthentication.....I watch the
> > User.isinrole("test") it shows up true, however, when I get redirected

to
> > the webform1.aspx page and also watch user.isinrole("test") then it is
> > false.
> >
> > I'm really confused on what I need to do...I've tried the
> > Threading.currentprincipal = new genericPrincipal(User.Identity, test)

and
> > that didn't work as well. The User.identity.isauthenticated does come

> over
> > and also the User.identity.name comes over, it is just the
> > user.isinrole("test") that does not come over.
> >
> > Any thoughts?
> >
> > You help is greatly appreciated...
> >
> > Thanks,
> > Bob
> >
> >

>
>



 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Redirect... Not redirecting =?Utf-8?B?U2hhcmsgQmFpdA==?= ASP .Net 1 02-17-2005 02:20 PM
Handling errors and not redirecting to a custom error page =?Utf-8?B?Sm9yZ2UgTWF0b3M=?= ASP .Net 2 10-29-2004 06:17 PM
Forms Authentication - Not timing out, not redirecting. AVance ASP .Net Security 3 08-19-2004 02:07 PM
Forms Authentication - Not timing out, not redirecting. AVance ASP .Net 1 07-28-2004 08:23 PM
not redirecting to login page while using forms authentication Pradeep Pise ASP .Net 0 07-09-2004 07:27 AM



Advertisments