Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Programming > ASP .Net > ASP .Net Security > IsInRole problem

Reply
Thread Tools

IsInRole problem

 
 
Colin Peters
Guest
Posts: n/a
 
      10-28-2005
Hi,

I have the following problem:

I've implemented role based security and it worked fine on both my local
dev machine and my remote shared host. Now it only works on my dev
machine. My shared host had some unidentified problems but I'm not sure
they are related so I can't really ask them to change something.

So I thought I'd investigate myself. I found by outputing to the page in
the prod environment, that I get the right roles via:

FormsIdentity id =
(FormsIdentity)HttpContext.Current.User.Identity;
FormsAuthenticationTicket ticket = id.Ticket;

// Get the stored user-data, in this case, our roles
string userData = ticket.UserData;
string[] roles = userData.Split(',');

so I know the roles are stored int he cookie OK.

In the Application_AuthenticateRequest method I then use this info thus:
HttpContext.Current.User = new GenericPrincipal(id, roles);

But when I go to retrieve the roles:

Type type = princ.GetType();
FieldInfo field = type.GetField("m_roles", BindingFlags.Instance |
BindingFlags.NonPublic);
String[] roles = (String[]) field.GetValue(princ);


I find that it is empty. Also using User.IsInRole function never returns
true even though I know I have that role from the previous output.

All of the above works fine on my dev machine, so I'm trying to find out
what can have an influence on this. Does the machine.cfg file have any
settings? Can IIS setup make a difference?

I'm rather puzzled, and tempted to write my own version of IsInRole
based upon what I can extract myself from the cookie.

Also, it seems that Session_End is also not firing? I get the impression
that my host has fixed one thing and broken another. What can I check to
give them some proof of what's at fault?

Cheers
 
Reply With Quote
 
 
 
 
Colin Peters
Guest
Posts: n/a
 
      10-28-2005
Session_Start isn't firing either. What's going on? I have

sessionState
mode="InProc"

This is getting plain silly.

Colin Peters wrote:

> Hi,
>
> I have the following problem:
>
> I've implemented role based security and it worked fine on both my local
> dev machine and my remote shared host. Now it only works on my dev
> machine. My shared host had some unidentified problems but I'm not sure
> they are related so I can't really ask them to change something.
>
> So I thought I'd investigate myself. I found by outputing to the page in
> the prod environment, that I get the right roles via:
>
> FormsIdentity id = (FormsIdentity)HttpContext.Current.User.Identity;
> FormsAuthenticationTicket ticket = id.Ticket;
>
> // Get the stored user-data, in this case, our roles
> string userData = ticket.UserData;
> string[] roles = userData.Split(',');
>
> so I know the roles are stored int he cookie OK.
>
> In the Application_AuthenticateRequest method I then use this info thus:
> HttpContext.Current.User = new GenericPrincipal(id, roles);
>
> But when I go to retrieve the roles:
>
> Type type = princ.GetType();
> FieldInfo field = type.GetField("m_roles", BindingFlags.Instance |
> BindingFlags.NonPublic);
> String[] roles = (String[]) field.GetValue(princ);
>
>
> I find that it is empty. Also using User.IsInRole function never returns
> true even though I know I have that role from the previous output.
>
> All of the above works fine on my dev machine, so I'm trying to find out
> what can have an influence on this. Does the machine.cfg file have any
> settings? Can IIS setup make a difference?
>
> I'm rather puzzled, and tempted to write my own version of IsInRole
> based upon what I can extract myself from the cookie.
>
> Also, it seems that Session_End is also not firing? I get the impression
> that my host has fixed one thing and broken another. What can I check to
> give them some proof of what's at fault?
>
> Cheers

 
Reply With Quote
 
 
 
 
Patrick Allmond - Focus Consulting Inc
Guest
Posts: n/a
 
      11-09-2005
Colin - What ever came of this?

"Colin Peters" <(E-Mail Removed)> wrote in message
news:43628e35$(E-Mail Removed)...
> Session_Start isn't firing either. What's going on? I have
>
> sessionState
> mode="InProc"
>
> This is getting plain silly.
>
> Colin Peters wrote:
>
>> Hi,
>>
>> I have the following problem:
>>
>> I've implemented role based security and it worked fine on both my local
>> dev machine and my remote shared host. Now it only works on my dev
>> machine. My shared host had some unidentified problems but I'm not sure
>> they are related so I can't really ask them to change something.
>>
>> So I thought I'd investigate myself. I found by outputing to the page in
>> the prod environment, that I get the right roles via:
>>
>> FormsIdentity id = (FormsIdentity)HttpContext.Current.User.Identity;
>> FormsAuthenticationTicket ticket = id.Ticket;
>>
>> // Get the stored user-data, in this case, our roles
>> string userData = ticket.UserData;
>> string[] roles = userData.Split(',');
>>
>> so I know the roles are stored int he cookie OK.
>>
>> In the Application_AuthenticateRequest method I then use this info thus:
>> HttpContext.Current.User = new GenericPrincipal(id, roles);
>>
>> But when I go to retrieve the roles:
>>
>> Type type = princ.GetType();
>> FieldInfo field = type.GetField("m_roles", BindingFlags.Instance |
>> BindingFlags.NonPublic);
>> String[] roles = (String[]) field.GetValue(princ);
>>
>>
>> I find that it is empty. Also using User.IsInRole function never returns
>> true even though I know I have that role from the previous output.
>>
>> All of the above works fine on my dev machine, so I'm trying to find out
>> what can have an influence on this. Does the machine.cfg file have any
>> settings? Can IIS setup make a difference?
>>
>> I'm rather puzzled, and tempted to write my own version of IsInRole based
>> upon what I can extract myself from the cookie.
>>
>> Also, it seems that Session_End is also not firing? I get the impression
>> that my host has fixed one thing and broken another. What can I check to
>> give them some proof of what's at fault?
>>
>> Cheers



 
Reply With Quote
 
KMA
Guest
Posts: n/a
 
      11-10-2005
Patrick,

You have no idea of how my heart leapt when I saw a reply to my
question.....

.... only to find you probably have the same problem.

Progress so far.

It seems that session is screwed up on the host machine. I put DivZero code
in session start and it never gets called. So I'm going to see if the host
can rectify it and if not I'll try another host.

Still, I did learn more about Roles and session.

Thanks for the interest.

"Patrick Allmond - Focus Consulting Inc" <(E-Mail Removed)> wrote
in message news:(E-Mail Removed)...
> Colin - What ever came of this?
>
> "Colin Peters" <(E-Mail Removed)> wrote in message
> news:43628e35$(E-Mail Removed)...
> > Session_Start isn't firing either. What's going on? I have
> >
> > sessionState
> > mode="InProc"
> >
> > This is getting plain silly.
> >
> > Colin Peters wrote:
> >
> >> Hi,
> >>
> >> I have the following problem:
> >>
> >> I've implemented role based security and it worked fine on both my

local
> >> dev machine and my remote shared host. Now it only works on my dev
> >> machine. My shared host had some unidentified problems but I'm not sure
> >> they are related so I can't really ask them to change something.
> >>
> >> So I thought I'd investigate myself. I found by outputing to the page

in
> >> the prod environment, that I get the right roles via:
> >>
> >> FormsIdentity id = (FormsIdentity)HttpContext.Current.User.Identity;
> >> FormsAuthenticationTicket ticket = id.Ticket;
> >>
> >> // Get the stored user-data, in this case, our roles
> >> string userData = ticket.UserData;
> >> string[] roles = userData.Split(',');
> >>
> >> so I know the roles are stored int he cookie OK.
> >>
> >> In the Application_AuthenticateRequest method I then use this info

thus:
> >> HttpContext.Current.User = new GenericPrincipal(id, roles);
> >>
> >> But when I go to retrieve the roles:
> >>
> >> Type type = princ.GetType();
> >> FieldInfo field = type.GetField("m_roles", BindingFlags.Instance |
> >> BindingFlags.NonPublic);
> >> String[] roles = (String[]) field.GetValue(princ);
> >>
> >>
> >> I find that it is empty. Also using User.IsInRole function never

returns
> >> true even though I know I have that role from the previous output.
> >>
> >> All of the above works fine on my dev machine, so I'm trying to find

out
> >> what can have an influence on this. Does the machine.cfg file have any
> >> settings? Can IIS setup make a difference?
> >>
> >> I'm rather puzzled, and tempted to write my own version of IsInRole

based
> >> upon what I can extract myself from the cookie.
> >>
> >> Also, it seems that Session_End is also not firing? I get the

impression
> >> that my host has fixed one thing and broken another. What can I check

to
> >> give them some proof of what's at fault?
> >>
> >> Cheers

>
>



 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
IsInRole problem =?Utf-8?B?SnVsaWE=?= ASP .Net 1 12-05-2006 09:59 AM
IsInRole problem? =?Utf-8?B?RGF2ZQ==?= ASP .Net 2 03-25-2005 01:04 AM
problem with .IsInRole =?Utf-8?B?UGV0ZXI=?= ASP .Net 0 01-25-2005 11:57 AM
isInRole Problem arjun ASP .Net 5 11-30-2004 05:25 AM
ASP.NET Context.User.IsInRole XP Problem Jim McLeod ASP .Net Security 0 06-07-2004 04:06 PM



Advertisments