Can't get the Role Based to work

Hjzrbztvdjrkh

New Member
Hello,

I can't get the Role Based access to work. It doesn't seem to connect the role to the user. I have included the code below. Please help me out here. (Code in C#)

Thanks Mark Nijhof

web.config file in secured directory:

    <configuration>
      <system.web>
        <authorization>
          <allow roles="Administrator" />
          <deny users="*" />
        </authorization>
      </system.web>
    </configuration>

Validation function: (is being called correctly, and the function Authenticate returns true)

    public void Login_Click(Object sender, EventArgs E) {
        if (Authenticate(UserName.Text.ToString(), UserPass.Text.ToString())) {
            GenericIdentity objIdentity = new GenericIdentity(eMail.ToString());
            String myUserName = Context.User.Identity.Name;
            ArrayList myRoles = new ArrayList();
            myRoles.Add("Administrator");

            GenericPrincipal objPrincipal = new GenericPrincipal(objIdentity, (String[])myRoles.ToArray(myUserName.GetType()));
            Thread.CurrentPrincipal = objPrincipal;

            FormsAuthentication.RedirectFromLoginPage(objIdentity.Name.ToString(), PersistCookie.Checked);
        } else {
            UserPass.Text = "";
        }
    }


Have you debugged your code, by Trace.Write'ing out something like:

    Trace.Write(User.IsInRole("Administrator").ToString());

To see whether or not the role was ever actually set?

I've taken for granted that the user is *actually* authenticated - have you checked that?

As an aside, if I were you, I'd move all of the code that is responsible for creating your own GenericPrincipal into the 'Application_AuthenticateRequest' event handler, located in the global.asax file.


Hello,

I tried if (User.IsInRole("Administrator")) { Response.Write("Admin"); } and that didn't give any output.

Do you have an example for me with the 'Application_AuthenticateRequest'?

Thanks Mark Nijhof
[email protected]


You should start by reading this:

http://www.4guysfromrolla.com/webtech/121901-1.shtml

... there's also a page here:

http://www.asp.net/ibuyspy/portalpaper.aspx?tabindex=3

.. that discusses the IBuySpy implementation of role based security.

Please let me know if you still have trouble with it :)


Hi,

I've read both of them, but still have problems ..
I have the code below:

    UserRole = GetRoles(UserEmail.Text.ToString());
    GenericIdentity MyIdentity = new GenericIdentity(UserEmail.Text);
    String[] MyStringArray = {UserRole};
    GenericPrincipal MyPrincipal = new GenericPrincipal(MyIdentity, MyStringArray);
    Thread.CurrentPrincipal = MyPrincipal;
    String Name = MyPrincipal.Identity.Name;
    bool Auth = MyPrincipal.Identity.IsAuthenticated;
    bool IsInRole = MyPrincipal.IsInRole("Administrator");
    Response.Write("The Name is: "+ Name +"<BR>");
    Response.Write("The IsAuthenticated is: "+ Auth +"<BR>");
    Response.Write("Is this a Manager? "+ IsInRole +"<BR>");

This works on the same page but when I do a RedirectFromLoginPage all the rights are forgotten.

    FormsAuthentication.RedirectFromLoginPage(MyPrincipal.Identity.Name, false);

How do I get the rights to be known over the whole site? I don't have to do the authentication on all pages, do I? Or do I have to use cookies?

Thanks Mark Nijhof


Mark,

It's probably a little bit too hard trying to communicate effectively in a moderated forum and across time-zones. Perhaps we should switch to e-mail.

I'm too busy to look at this tonight (Australian time), but I'll e-mail you in the morning - or you can e-mail me at [email protected] - to get in touch.

There are obviously many areas that we could look in to find the error, and it's not terribly clear to me from the code that you've shown (although I must admit I haven't looked terribly hard), exactly where to start looking.

As you are probably aware, FormsAuthentication is also, informally, known as CookieAuthentication. What this means is that you *do* need to allow cookies for it to work! I presume that your problem does not lie there, eh?

If you cannot wait until tomorrow - that's probably Wednesday night your time - for an answer, then you could subscribe here...

http://www.aspfriends.com/asplists/aspngsec.asp

... there are many *experts* there that can answer your questions relating to ASP.NET security issues.

Cheers, (B) ;)
 