FormsAuthentication
Message
Date: 22/07/2016 12:04:47
To: All
General information
Forum: ASP.NET
Category: Other
Title: FormsAuthentication
Environment versions
Environment: C# 4.0
Database: MS SQL Server
Application: Web
Miscellaneous
Thread ID: 01638559
Message ID: 01638559
Views: 47
Hi,
I'm trying to understand the FormsAuthentication built into ASP.NET.

I've registered a couple of users in a site that created the security pages by default (not sure if that is an ASP.NET thing or a DevExpress thing).

It created a Login, Register and ChangePassword set of pages. I found the database with the registration info and manually added two roles using SQL INSERT. I then added a row to set one of the users to be in the Administrators role and the other to be in the Users role.

In my web.config I have this:
  <location path="Clients.aspx">
    <system.web>
      <authorization>
        <allow roles="Administrators"/>
      </authorization>
    </system.web>
  </location>
I need to add this line in apparently:
<deny users="*" />
This should then deny everybody who is not in the Administrators role, right?


When the user goes to the Clients.aspx page, they should get prompted to login if they are not in the Administrators role, not so?

In my case they are able to access the page.

If they are not logged in at all, then they get prompted to login when they try to access this page.

Any ideas what I am doing wrong?

Later

I think I understand it now. I need to handle the roles myself, so in my global.asax I need code like this:
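        // Needs: using System; using System.Collections.Generic; using System.Configuration;
        //        using System.Data; using System.Data.SqlClient; using System.Security.Principal;
        //        using System.Web; using System.Web.Security;
        protected void Application_AuthenticateRequest(Object sender, EventArgs e)
        {
            IPrincipal user = HttpContext.Current.User;

            // Only forms-authenticated requests get roles attached.
            if (user == null || !user.Identity.IsAuthenticated || !(user.Identity is FormsIdentity))
            {
                return;
            }

            List<string> roleList = new List<string>();

            // The using blocks close the connection and reader even if the query throws.
            using (SqlConnection conn = new SqlConnection(ConfigurationManager.ConnectionStrings["ApplicationServices"].ConnectionString))
            using (SqlCommand cmd = new SqlCommand("Select RoleName from aspnet_Roles inner join aspnet_UsersInRoles on aspnet_Roles.RoleId = aspnet_UsersInRoles.RoleId inner join aspnet_Users on aspnet_UsersInRoles.UserId = aspnet_Users.UserId where username=@userName", conn))
            {
                // aspnet_Users.UserName is nvarchar(256); a shorter parameter silently truncates
                // long names, so the lookup could run against a different user name.
                cmd.Parameters.Add("@userName", SqlDbType.NVarChar, 256).Value = user.Identity.Name;
                conn.Open();

                using (SqlDataReader reader = cmd.ExecuteReader())
                {
                    while (reader.Read())
                    {
                        roleList.Add(reader.GetString(0)); // RoleName
                    }
                }
            }

            // Replace the principal with one that carries the roles, so that
            // User.IsInRole and <allow roles="..."/> have something to match.
            HttpContext.Current.User = new GenericPrincipal(user.Identity, roleList.ToArray());
        }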
Then the User.IsInRole also works properly.

Thanks for your help Frank ;0)
Frank.

Frank Cazabon
Samaan Systems Ltd.
www.samaansystems.com
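
The authorization rules discussed in the post above, as an added configuration example that is not part of the original post: the allow-only block next to the corrected one, plus ASP.NET's built-in role provider as an alternative to loading roles in Global.asax. The login page path, the provider name "SqlRoles" and applicationName="/" are assumptions; the connection string name is the one used in the post.

```xml
<configuration>
  <!-- Weak (shown commented out): rules are checked top-down and the first
       match wins. A user who is not in Administrators matches nothing here,
       falls through to the inherited default <allow users="*"/>, and gets in.
  <location path="Clients.aspx">
    <system.web>
      <authorization>
        <allow roles="Administrators"/>
      </authorization>
    </system.web>
  </location>
  -->

  <!-- Corrected: the explicit deny ends the list, so every request that did
       not match the allow rule is refused before the inherited allow is reached. -->
  <location path="Clients.aspx">
    <system.web>
      <authorization>
        <allow roles="Administrators"/>
        <deny users="*"/>
      </authorization>
    </system.web>
  </location>

  <system.web>
    <authentication mode="Forms">
      <!-- Assumed login page path; use the one the site template generated. -->
      <forms loginUrl="~/Account/Login.aspx"/>
    </authentication>

    <!-- roles="..." rules are tested with IsInRole on the request principal,
         so the principal must carry roles. Assumption: the aspnet_* tables
         were created by the standard membership schema, in which case
         SqlRoleProvider can populate the roles on every request.
         applicationName must match the row in aspnet_Applications. -->
    <roleManager enabled="true" defaultProvider="SqlRoles">
      <providers>
        <clear/>
        <add name="SqlRoles" type="System.Web.Security.SqlRoleProvider"
             connectionStringName="ApplicationServices" applicationName="/"/>
      </providers>
    </roleManager>
  </system.web>
</configuration>
```

With the deny rule in place and no roles on the principal, members of Administrators are refused as well, so check both cases after any change: a Users-only account must be turned away and an Administrators account must get through.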