NT based roles using forms authentication

 
 
Sharat Koya
      08-13-2004
Please can you help with a problem I am having.

My web config is set to...

    <authorization><deny users="?"/></authorization>
    <authentication mode="Forms">
      <forms name=".COOKIE" loginUrl="login.aspx" protection="All"
             timeout="5" path="/"/>
    </authentication>
    <identity impersonate="true"/>

login.aspx uses advapi32.dll to create the token and authenticate the
user using the code..

    // A non-zero return from LogonUser means the credentials were accepted.
    if (LogonUser(TextBoxUsername.Text,
                  "HILLSRD",
                  TextBoxPassword.Text,
                  LOGON32_LOGON_INTERACTIVE,
                  LOGON32_PROVIDER_DEFAULT,
                  ref token) != 0)
    {
        FormsAuthentication.RedirectFromLoginPage(TextBoxUsername.Text,
                                                  CBoxRememberMe.Checked);
    }

But I want to enable NT group security, and when I go to access
User.IsInRole it always returns false. I dug a little deeper by
live debugging and found that the m_roles array is always empty. What am I
doing wrong - why aren't the roles available that are on the domain?


many thanks for any help on this.

Sharat Koya
 
Scott Allen
      08-13-2004
Hi Sharat:

I'm not sure what the requirements are for your application, but I'm
thinking you could save yourself a good deal of code if you let
Windows manage the authentication and impersonation with a web.config
along the lines of:

<system.web>
<authentication mode="Windows"/>
<identity impersonate="true"/>
<authorization>
<deny users="?"/>
<allow users="*"/>
</authorization>
</system.web>

This will avoid you having to use LogonUser in your code. If you do go
this way - you need to use the token given out by LogonUser to do the
impersonation, and pass the token to CloseHandle for proper cleanup
afterwards.

--
Scott
http://www.OdeToCode.com


bruce barker
      08-13-2004
<identity impersonate="true"/> means to impersonate the iis authenticated
user, in your case because you are using forms authentication, the iis user
is the anonymous login.

because you are using forms authentication, it's your job to fill in the
roles. you will need to do this on every request.

-- bruce (sqlwork.com)
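
The per-request role assignment described in the reply above, as an added example that is not part of the original thread. The class `NtRoleTicket` and the group names `AppAdmins` and `AppUsers` are hypothetical, and the code assumes .NET 2.0 or later.

```csharp
// Added example, not from the thread. NtRoleTicket and the group names are hypothetical.
using System;
using System.Collections.Generic;
using System.Security.Principal;
using System.Web;
using System.Web.Security;

public static class NtRoleTicket
{
    // Assumption: the domain groups this application authorizes against.
    static readonly string[] AppGroups = { @"HILLSRD\AppAdmins", @"HILLSRD\AppUsers" };

    // login.aspx: call after LogonUser succeeds, in place of RedirectFromLoginPage,
    // then redirect with FormsAuthentication.GetRedirectUrl and CloseHandle the token.
    public static void IssueTicket(HttpResponse response, string userName,
                                   IntPtr token, bool persistent)
    {
        List<string> held = new List<string>();
        using (WindowsIdentity identity = new WindowsIdentity(token))
        {
            WindowsPrincipal nt = new WindowsPrincipal(identity);
            foreach (string g in AppGroups)
                if (nt.IsInRole(g)) held.Add(g);
        }
        // Roles travel in UserData; protection="All" encrypts and MACs the ticket.
        FormsAuthenticationTicket ticket = new FormsAuthenticationTicket(
            1, userName, DateTime.Now, DateTime.Now.AddMinutes(5), // timeout="5"
            persistent, String.Join("|", held.ToArray()),
            FormsAuthentication.FormsCookiePath);
        HttpCookie cookie = new HttpCookie(FormsAuthentication.FormsCookieName,
                                           FormsAuthentication.Encrypt(ticket));
        cookie.HttpOnly = true;
        cookie.Path = ticket.CookiePath;
        if (persistent) cookie.Expires = ticket.Expiration;
        response.Cookies.Add(cookie);
    }

    // Global.asax: call from Application_AuthenticateRequest on every request.
    public static void AttachRoles(HttpContext context)
    {
        if (context.User == null) return;
        FormsIdentity id = context.User.Identity as FormsIdentity;
        if (id == null || !id.IsAuthenticated) return;
        string data = id.Ticket.UserData;
        string[] roles = String.IsNullOrEmpty(data) ? new string[0] : data.Split('|');
        context.User = new GenericPrincipal(id, roles);
    }
}
```

The role list is a snapshot taken at login, so a change in domain group membership takes effect only when the user logs in again. With this in place, `User.IsInRole(@"HILLSRD\AppAdmins")` is answered from the ticket rather than from the anonymous IIS identity.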

Scott Allen
      08-13-2004
You could create locked down local accounts on the web server and
still use Windows authentication. If the server doesn't recognize
their current credentials the browser will prompt for them to enter a
username, password and domain (machine name) to log in with.

--
Scott
http://www.OdeToCode.com

On Fri, 13 Aug 2004 11:37:03 -0700, "Sharat Koya" wrote:

>The reason I am using this method is that it allows users to be logged in on
>a secure locked down account whilst allowing them the option to log in as
>themselves and change between users without logging off the account. Is
>there a way of preserving this idea without implementing database stored
>roles?
>
>thanks