Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Programming > ASP .Net > Restrict users using Application_AcquireRequestState?

Reply
Thread Tools

Restrict users using Application_AcquireRequestState?

 
 
=?Utf-8?B?RGF2ZQ==?=
Guest
Posts: n/a
 
      03-02-2005
We have an intranet application that is under Integrated security. So in
theory, anyone who has an Active Directory account in the company can access
my app.

So, to allow only certain users, I created a user table of domain accounts
and check these in the Application_AcquireRequestState event by comparing the
Identity.Name to names in my table. If OK, I set a session variable
HasAccess to "1" since sessions are available in this event.

Then, on subsequent page requests, this event checks the
Request.IsAuthenticated and then the Session["HasAccess"] to allow them in
or not.

Is this approach valid or is there a better way? It seems to work OK,
except I have webservices on the site as well which, when requested, also
fires the Application_AcquireRequestState event BUT when I try to access the
Session variables, it returns a null object reference because it seems the
Session is never actually created by a webservice request.


 
Reply With Quote
 
 
 
 
Scott Allen
Guest
Posts: n/a
 
      03-02-2005
Hi Dave:

Session state is disabled by default for asmx, but you can change the
default.

Another idea is to organize authorized users into an Active Directory
group in your domain. Then you add an <authorization> section to
web.config and restrict the app to just members of the group. No extra
code required!

--
Scott
http://www.OdeToCode.com/blogs/scott/

On Wed, 2 Mar 2005 09:59:06 -0800, "Dave"
<(E-Mail Removed)> wrote:

>We have an intranet application that is under Integrated security. So in
>theory, anyone who has an Active Directory account in the company can access
>my app.
>
>So, to allow only certain users, I created a user table of domain accounts
>and check these in the Application_AcquireRequestState event by comparing the
>Identity.Name to names in my table. If OK, I set a session variable
>HasAccess to "1" since sessions are available in this event.
>
>Then, on subsequent page requests, this event checks the
>Request.IsAuthenticated and then the Session["HasAccess"] to allow them in
>or not.
>
>Is this approach valid or is there a better way? It seems to work OK,
>except I have webservices on the site as well which, when requested, also
>fires the Application_AcquireRequestState event BUT when I try to access the
>Session variables, it returns a null object reference because it seems the
>Session is never actually created by a webservice request.
>


 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
restrict number of users Gerhard ASP .Net 11 07-08-2009 04:42 PM
Restrict '\' character using RegularExpression Validator.. =?Utf-8?B?ZGVuIDIwMDU=?= ASP .Net 2 05-09-2006 08:06 AM
How to Synchronize anonymous users with authenticated users using profiles? Rodusa ASP .Net 2 09-08-2005 08:12 PM
Re: Restrict Bandwidth to users Jack Wireless Networking 0 09-10-2004 11:35 PM
How to restrict elements by reference to another element using XML schema Piers Chivers XML 0 02-18-2004 11:17 AM



Advertisments