This message was discovered on ASPFriends.com 'aspngescalate' list.
| Colm Hayden |
Hi all,
I have previously posted this question to [e-mail address hidden] and received no responses, so any help is appreciated.
I have been experimenting with forms-based authentication and trying to assign roles to a principal, but have been unable to make the principal and the assigned roles span page requests. These are the steps I have used:
1 - Using the Web.Config settings (below) requests are redirected to a login page.
    <authentication mode="Forms">
      <forms name=".Responsian_Cookie" path="/" loginUrl="Login.aspx" protection="All" timeout="10" />
    </authentication>
2 - The user is authenticated and the authentication cookie set before a redirect:
    FormsAuthentication.SetAuthCookie(username, persistCookie);
3 - A new IPrincipal is created with roles read from a database:
    string[] roles = GetRoles(username);
    IPrincipal principle = new GenericPrincipal(User.Identity, roles);
4 - The principal is assigned to the context (I have tried all three ways):
    a) using Page.Context = principle;
    b) using Thread.CurrentThread.Principal
    c) using the global.asax
    protected void FormsAuthentication_OnAuthenticate(Object sender, FormsAuthenticationEventArgs e)
    {
        // hardcoded
        string[] roles = new string[]{"Administrator"};
        GenericIdentity identity = new GenericIdentity("user");
        e.User = new GenericPrincipal(identity, roles);
    }
5 - On the subsequent page the role is checked:
    if(User.IsInRole("Administrator"))
    {
        Trace.Warn("Page_Load", "User is an Administrator");
    }
Results:
using (4.a), (5) evaluates to true in the same page, but not on the next page request
using (4.b), CurrentThread.CurrentThread.Principal is in the role within the same page
using (4.c), (5) evaluates to true on the requested page, but automatic redirection to the login page does not work.
Please could anyone shed some light on this for me.
Thanks in advance, Colm
========================== Colm Hayden Responsian Ltd, Tel: 028 9024 2116 Fax: 028 9050 1909 ==========================
| Dennis Werry |
I had this problem right after beta 2 came out: here is what I and some others on the list worked out. I keep the roles stuffed in the user data of the ticket and retrieve them like so.
HTH
Sub Application_AuthenticateRequest(ByVal sender As Object, ByVal e As EventArgs)
    ' Fires upon attempting to authenticate the user
    Dim app As HttpApplication = CType(sender, HttpApplication)
    Dim ctx As HttpContext = app.Context
    If ctx.Request.IsAuthenticated Then
        Dim ck As HttpCookie
        ck = FormsAuthentication.GetAuthCookie(ctx.User.Identity.Name, False)
        Dim strName As String = ctx.User.Identity.Name
        Dim id As FormsIdentity = CType(ctx.User.Identity, FormsIdentity)
        Dim tk As FormsAuthenticationTicket = id.Ticket
        Dim newTk As FormsAuthenticationTicket = FormsAuthentication.RenewTicketIfOld(tk)
        If Not newTk Is tk Then
            Dim CookieName As String = FormsAuthentication.FormsCookieName
            ctx.Response.Cookies(CookieName).Value = FormsAuthentication.Encrypt(newTk)
        End If
        ' grab the roles from our user data (since the framework doesn't remember them for us)
        Dim strRoles As String = tk.UserData
        Dim c() As Char = {","c}
        Context.User = New GenericPrincipal(User.Identity, strRoles.Split(c))
    End If
End Sub
-----Original Message----- From: Colm Hayden Sent: Friday, September 14, 2001 12:14 PM To: aspngescalate Subject: [aspngescalate] Unanswered: Role-based forms authentication question
| Colm Hayden |
Hi Dennis,
Thanks for the reply. I have tried your example and it does indeed allow me to assign roles that can be read on any page request.
I have one quick question on how you populate the user data in the first place.
This is a read only property, so I imagine that it must have to be set upon construction of the FormsAuthenticationTicket.
Does this mean that I cannot use the FormsAuthentication.SetAuthCookie() method, but instead would have to create my own ticket and attach it to the cookies collection? If so, do you have an example of how to do this?
Thanks again,
Colm
----- Original Message ----- From: Dennis Werry To: aspngescalate Sent: Friday, September 14, 2001 6:37 PM Subject: [aspngescalate] RE: Unanswered: Role-based forms authentication question
| Dennis Werry |
Colm - glad to help.
Here is my login code - I left my login logic in (kind of) so you could see the context:
Private Sub HandleLogin()
    ' We're sticking the user's roles into the UserData
    ' field of the FormsAuthenticationTicket, so we have
    ' to do this manually, instead of using RedirectFromLoginPage().
    ' Create an auth ticket that expires when the session expires.
    Dim CookieName As String = FormsAuthentication.FormsCookieName
    Dim CookiePath As String = FormsAuthentication.FormsCookiePath
    Dim curDate As DateTime = DateTime.Now
    txtUserID.Text = txtUserID.Text.ToUpper()
    txtPassword.Text = txtPassword.Text.ToUpper()
    Configuration.UserID = txtUserID.Text
    Configuration.BaseURL = Request.Url.ToString()
    Configuration.Password = txtPassword.Text
    Dim strSchool As String = Session.Item("schoolname")
    If Not IsNothing(strSchool) AndAlso strSchool.Length > 0 Then
        Configuration.SchoolName = strSchool
    End If
    Initializer.SetState(Configuration.UserID, Configuration.Password, Configuration.SchoolName)
    ' Get the teacher id, student id, whatever id from this login id
    Dim t As New Teacher()
    If t.TestLogin(txtUserID.Text, txtPassword.Text) Then
        Configuration.Homeroom = t.Homeroom
        ' Get the roles this teacher/login to which this login is entitled
        Configuration.TeachID = t.TeachID
        Dim myTicket As New FormsAuthenticationTicket(1, t.TeachID, curDate, _
            curDate.AddMinutes(Session.Timeout), _
            False, t.StringRoles(), CookiePath)
        Dim encryptedTicket As String = FormsAuthentication.Encrypt(myTicket)
        Dim currentCookie As HttpCookie = Request.Cookies(CookieName)
        If IsNothing(currentCookie) Then
            Dim authCookie As New HttpCookie(CookieName, encryptedTicket)
            authCookie.Path = CookiePath
            Response.Cookies.Add(authCookie)
        Else
            Response.Cookies(CookieName).Value = encryptedTicket
        End If
        Dim destURL As String = Request.Params("ReturnUrl")
        If IsNothing(destURL) Then
            destURL = "Default.aspx"
        End If
        Response.Redirect(destURL)
    End If
End Sub
-----Original Message----- From: Colm Hayden Sent: Saturday, September 15, 2001 11:45 AM To: aspngescalate Subject: [aspngescalate] RE: Unanswered: Role-based forms authentication question
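The round trip worked out in this thread (roles written into the ticket's UserData at login, then turned back into a principal on each request), as an added C# example that is not code from either poster. RoleTicket and its method names are hypothetical. It assumes the protection="All" setting from the first message, which is what stops a client from editing the roles inside the cookie, and it additionally marks the cookie HttpOnly and only follows a ReturnUrl that is a path on the same site.

```csharp
using System;
using System.Security.Principal;
using System.Web;
using System.Web.Security;

// Added example; RoleTicket and its method names are hypothetical, not from the thread.
// Login page usage: RoleTicket.Issue(Context, username, GetRoles(username), 10);
//   Response.Redirect(RoleTicket.SafeReturnUrl(Request.QueryString["ReturnUrl"], "Default.aspx"));
public static class RoleTicket
{
    // Login page: call after the credentials check succeeds, instead of SetAuthCookie().
    public static void Issue(HttpContext ctx, string userName, string[] roles, int minutes)
    {
        DateTime now = DateTime.Now;
        var ticket = new FormsAuthenticationTicket(
            1, userName, now, now.AddMinutes(minutes), false,
            string.Join(",", roles),               // roles travel in UserData
            FormsAuthentication.FormsCookiePath);
        var cookie = new HttpCookie(FormsAuthentication.FormsCookieName,
                                    FormsAuthentication.Encrypt(ticket));
        cookie.Path = FormsAuthentication.FormsCookiePath;
        cookie.HttpOnly = true;                          // keep the ticket away from script
        cookie.Secure = ctx.Request.IsSecureConnection;  // HTTPS-only when issued over HTTPS
        ctx.Response.Cookies.Set(cookie);                // replaces any earlier auth cookie
    }

    // ReturnUrl comes from the request, so only follow it when it is a path on this site.
    public static string SafeReturnUrl(string returnUrl, string fallback)
    {
        bool local = !string.IsNullOrEmpty(returnUrl)
            && returnUrl[0] == '/'
            && (returnUrl.Length == 1 || (returnUrl[1] != '/' && returnUrl[1] != '\\'));
        return local ? returnUrl : fallback;
    }

    // Global.asax: call from Application_AuthenticateRequest on every request.
    public static void Restore(HttpContext ctx)
    {
        FormsIdentity id = ctx.User == null ? null : ctx.User.Identity as FormsIdentity;
        if (id == null || !id.IsAuthenticated) return;   // anonymous or non-forms request
        string[] roles = (id.Ticket.UserData ?? "")
            .Split(new[] { ',' }, StringSplitOptions.RemoveEmptyEntries);
        ctx.User = new GenericPrincipal(id, roles);      // roles now visible to IsInRole()
    }
}
```

Roles stored this way are a snapshot: a role removed in the database stays in effect until the ticket expires. A role name containing a comma would be split in two, so pick a different separator if that can happen.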