John Saunders #1
Re: Question: Context.User.IsInRole
You would set them in your global.asax in the Authenticate event.
--
John Saunders
Internet Engineer
john.saunders@surfcontrol.com
"VB Programmer" <growNO-SPAM@go-intech.com> wrote in message
news:%23cpvgwEXDHA.2476@tk2msftngp13.phx.gbl...
> How do you set the Identity and Role for Context.User? My intention is to
> use this statement: If Context.User.IsInRole("System Admin") Then...
>
> Would I set the Identity and Role in my Login page?
>
>
John Saunders Guest
-
John Saunders #2
Re: Question: Context.User.IsInRole
"VB Programmer" <growNO-SPAM@go-intech.com> wrote in message
news:ORLWzGFXDHA.652@TK2MSFTNGP10.phx.gbl...
....
> Guess that confuses me. In the examples I've seen, and as you said, that they've
> put that code in the Application_AuthenticateRequest event within a
> statement like "If Request.IsAuthenticated Then", followed by setting up a
> "New GenericPrincipal", etc...
>
> But, how do you get inside the "If Request.IsAuthenticated" code to set
> stuff up if you aren't authenticated yet? Catch 22? Am I just totally
> confused?
>
You will be authenticated by the time you get there. Request.User will be
set up with a valid IPrincipal object with no roles, and a FormsIdentity
with the username and the Forms Authentication ticket.
What you need to do in your Application_AuthenticateRequest method is to
create a new GenericPrincipal with the same Identity but with the roles you
want.
Ok, where do roles come from? You have to put them there yourself. One way
is to figure out the roles on your login page. Then, instead of letting
Forms Authentication handle the cookie for you, do it yourself. This allows
you to store the roles (or whatever else you need) in the UserData field of
the FormsAuthenticationTicket. Here's some of my code that does this. Sorry,
but it's in C#:
    using System;
    using System.Web;
    using System.Web.Security;

    /// <summary>
    /// RedirectFromLoginPage - Finish Forms Authentication and redirect to
    /// the original destination.
    /// </summary>
    /// <param name="userName">The authenticated username</param>
    /// <param name="userData">The user data returned from Authenticate*</param>
    /// <param name="defaultRedirectUrl">URL to go if not specified.</param>
    public static void RedirectFromLoginPage(string userName, string userData,
        string defaultRedirectUrl)
    {
        HttpContext ctx = HttpContext.Current;

        // Ok, we've been told he's ok. Store the returned userData in the Forms
        // Authentication ticket, then return back to the page they wanted originally.
        FormsAuthenticationTicket ticket = new FormsAuthenticationTicket(1,
            userName,
            DateTime.Now,
            DateTime.Now.AddMinutes(30),
            false,
            userData);
        string cookievalue = FormsAuthentication.Encrypt(ticket);

        // Put the encrypted ticket into a cookie to send back to the client
        // (and for the client to send back to us)
        HttpCookie cookie = new HttpCookie(FormsAuthentication.FormsCookieName);
        cookie.Path = FormsAuthentication.FormsCookiePath;
        cookie.Value = cookievalue;
        cookie.Domain =
            System.Configuration.ConfigurationSettings.AppSettings["CookieDomain"];
        // Keep the ticket away from client script, and off plain HTTP when
        // the forms configuration requires SSL.
        cookie.HttpOnly = true;
        cookie.Secure = FormsAuthentication.RequireSSL;
        ctx.Response.Cookies.Add(cookie);

        // Redirect back to where they were going (or else back here, and we'll
        // forward them). Only a local path is accepted from the query string;
        // anything else falls back to the default, so the login page cannot be
        // used to bounce a user to an external site.
        string returnUrl = ctx.Request.QueryString["ReturnUrl"];
        if (returnUrl == null
            || !returnUrl.StartsWith("/")
            || returnUrl.StartsWith("//")
            || returnUrl.StartsWith("/\\"))
        {
            returnUrl = defaultRedirectUrl;
        }
        ctx.Response.Redirect(returnUrl);
    }
In your AuthenticateRequest handler, you can get the FormsIdentity from
Context.User.Identity, get the FormsAuthenticationTicket from
Identity.Ticket, then get the user data from Ticket.UserData. Then,
magically turn that string into a string array of roles, and use it to
create a new GenericPrincipal from the Identity and the roles. Set
Context.User to that principal and you'll be all set.
--
John Saunders
Internet Engineer
john.saunders@surfcontrol.com
John Saunders Guest
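
The AuthenticateRequest step described at the end of the reply above, as an added example that is not part of the original post. The `Global` class name, the `ParseRoles` helper, the `|` separator and the "Editor" role are assumptions of this sketch; the roles must be written into UserData in the same format by the login page.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Principal;
using System.Web;
using System.Web.Security;

// Code-behind for Global.asax. The '|' separator and ParseRoles are
// assumptions of this example; use whatever format the login page wrote.
public class Global : HttpApplication
{
    private const char RoleSeparator = '|';

    protected void Application_AuthenticateRequest(object sender, EventArgs e)
    {
        HttpContext ctx = HttpContext.Current;

        // Anonymous request: no forms ticket, nothing to rebuild.
        if (ctx.User == null || !ctx.User.Identity.IsAuthenticated)
            return;

        // Only Forms Authentication identities carry a ticket.
        FormsIdentity identity = ctx.User.Identity as FormsIdentity;
        if (identity == null)
            return;

        // UserData comes out of the ticket built with FormsAuthentication.Encrypt
        // at login; leave forms ticket protection (encryption and validation) on.
        string[] roles = ParseRoles(identity.Ticket.UserData);

        // Same identity, now with roles, so User.IsInRole("System Admin") works.
        ctx.User = new GenericPrincipal(identity, roles);
    }

    // Splits "System Admin|Editor" into role names; never splits on spaces,
    // because role names such as "System Admin" contain them.
    public static string[] ParseRoles(string userData)
    {
        List<string> roles = new List<string>();
        if (userData != null)
        {
            foreach (string part in userData.Split(RoleSeparator))
            {
                string role = part.Trim();
                if (role.Length > 0)
                    roles.Add(role);
            }
        }
        return roles.ToArray();
    }
}
```

On the login side, the matching call would pass the roles joined with the same separator as the `userData` argument of `RedirectFromLoginPage`. A ticket with empty UserData yields a principal with no roles, so every `IsInRole` check returns false.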