
aspdotnet_website_programming thread: Roles and permissions in ASP.NET, some ideas


Message #1 by "Mike Gale" <info@d...> on Fri, 15 Nov 2002 08:58:26 +1300
If anyone is looking at using Web.Config files to control authorization
to directories, here are some ideas that may help.

If this is unclear look at the references at the bottom.

1) It can be done.  Easily if you know how!
2)  The Web.Configs I'm talking about look like
<?xml version="1.0" encoding="utf-8" ?>
<!-- ...  -->
<configuration>
	<system.web>
		<authorization>
			<allow roles="Client" />
			<deny users="?" />
			<deny users="*" />
		</authorization>
	</system.web>
</configuration>
3)  In Global.asax I have 
 Sub Application_AuthenticateRequest(ByVal sender As Object, ByVal e As EventArgs)
  ' Fires upon attempting to authenticate the user
  Dim currentContext As HttpContext = HttpContext.Current
  If Not (currentContext.User Is Nothing) Then
   If currentContext.User.Identity.IsAuthenticated Then
    If Not TypeOf currentContext.User Is SitePrincipal Then
     ' ASP.NET's regular forms authentication picked up our cookie, but we
     ' haven't replaced the default context user with our own. Let's do that
     ' now. We know that the previous context.user.identity.name is the e-mail
     ' address (because we forced it to be on the login.aspx page)
     Dim newUser As New SitePrincipal(currentContext.User.Identity.Name)
     currentContext.User = newUser
    End If
   End If
  End If
 End Sub
(This has not had its first code review, and I like VB so no flames or
translation requests thank you.)
NOTE:  The principal object is not the same as that in the book but I
don't think that impacts.  I'm also handling the Principal differently
to the book but I don't think that impacts either.

With those two I have directory level access control.  (In testing so
far I'm getting repeated login requests for unauthorized users, which
doesn't impact my real application so I've not tackled it yet, this is
"belt and braces" protection I'm doing.)

For further reading get excellent introductions from the following
(thanks to Seth and Kirk for their generous help here)
1)  Another MSDN article on GenericIdentity and GenericPrincipal is
http://tinyurl.com/2o7w. 
2)  The article I used to get this all going is from the Duwamish 7
Security section: http://tinyurl.com/2o8f.
3)  An example of the way I did it, and came across:
http://tinyurl.com/2pd0
4)  and http://tinyurl.com/2pd3

The following links also have useful material

http://tinyurl.com/2p9p
http://tinyurl.com/2p9s
http://tinyurl.com/2p9x

I hope that helps someone.

Mike Gale, Decision Engineering (NZ) Ltd.

PS.  I am regularly astonished how good this .NET programming is with
all the help available.
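A worked version of the pieces the post relies on, added here as an example; it is not Mike's code and not the Duwamish sample. The name SitePrincipal comes from the message; the RoleStore class with its LookupRoles function, the SiteGlobal class and the two e-mail addresses are assumptions constructed for this example, standing in for whatever user table a real site would query.

```vbnet
Imports System
Imports System.Security.Principal
Imports System.Web

' Custom principal: wraps the e-mail identity that login.aspx stored in the
' Forms authentication cookie and adds the roles that <allow roles="..."/>
' and <deny roles="..."/> in Web.config are checked against.
Public Class SitePrincipal
    Implements IPrincipal

    Private _identity As IIdentity
    Private _roles As String()

    Public Sub New(ByVal email As String)
        ' Authentication type "Forms" keeps Identity.IsAuthenticated True.
        _identity = New GenericIdentity(email, "Forms")
        _roles = RoleStore.LookupRoles(email)
    End Sub

    Public ReadOnly Property Identity() As IIdentity Implements IPrincipal.Identity
        Get
            Return _identity
        End Get
    End Property

    ' UrlAuthorizationModule calls IsInRole once per role named in the
    ' <authorization> section, so this is the only place roles are decided.
    Public Function IsInRole(ByVal role As String) As Boolean Implements IPrincipal.IsInRole
        Dim r As String
        For Each r In _roles
            If String.Compare(r, role, True) = 0 Then Return True
        Next
        Return False
    End Function
End Class

' Hypothetical role store (assumption for this example). A real application
' would query its user table; this in-memory table is constructed sample data.
Public Class RoleStore
    Public Shared Function LookupRoles(ByVal email As String) As String()
        Select Case email.ToLower()
            Case "alice@example.invalid"
                Return New String() {"Client"}
            Case "bob@example.invalid"
                Return New String() {"Client", "Admin"}
            Case Else
                ' Unknown address: no roles, so every <allow roles> entry fails
                ' and the trailing <deny users="*"/> applies.
                Return New String() {}
        End Select
    End Function
End Class

' Global.asax code-behind: same replacement logic as the message above,
' reading and writing one HttpContext object throughout.
Public Class SiteGlobal
    Inherits HttpApplication

    Protected Sub Application_AuthenticateRequest(ByVal sender As Object, ByVal e As EventArgs)
        Dim ctx As HttpContext = HttpContext.Current
        If ctx.User Is Nothing Then Return
        If Not ctx.User.Identity.IsAuthenticated Then Return
        If TypeOf ctx.User Is SitePrincipal Then Return

        ' FormsAuthenticationModule has already validated the cookie and set a
        ' GenericPrincipal whose Identity.Name is the e-mail address that
        ' login.aspx put there. Swap in SitePrincipal so the roles are visible
        ' both to Web.config authorization and to User.IsInRole in pages.
        ctx.User = New SitePrincipal(ctx.User.Identity.Name)
    End Sub
End Class
```

Two points worth keeping in mind with this arrangement. The principal is rebuilt from the cookie on every request, so a role removed in the store takes effect on the next request rather than waiting for the cookie to expire, which is the behaviour you want for revocation. And when an authenticated user is not in an allowed role, UrlAuthorizationModule ends the request with a 401, which FormsAuthenticationModule then turns into a redirect to the login page; that is the mechanism behind the repeated login prompts the message mentions, and a site that wants an "access denied" page for logged-in users instead has to test User.IsInRole itself and redirect before authorization runs.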
