
Role-based security: Access the role of current user - ASP.NET General


  1. #1

    Role-based security: Access the role of current user

    I have implemented role-based security within my ASP.Net application.
    However, it seems the role is not passed to the authentication ticket I
    create.

    I want to use it to display/hide some content based on the user's role. I
    wrote this to do it:

    if (HttpContext.Current.User.Identity.IsAuthenticated)
    {
        plLoggedIn.Visible = true;
        liFirstName.Text = HttpContext.Current.User.Identity.Name;
        // This condition is causing me problems.
        // The condition always returns false, and hence writes
        // "user" regardless of what I log on as.
        if (HttpContext.Current.User.IsInRole("Administrator"))
        {
            liUserRole.Text = "administrator";
        }
        else
        {
            liUserRole.Text = "user";
        }
    }
    else
    {
        plLogin.Visible = true; // if not logged in, show login-form
    }

    I create my ticket as:

    FormsAuthenticationTicket oTicket = new FormsAuthenticationTicket(
        1,
        txtUserName.Text,            // user name from form
        DateTime.Now,
        DateTime.Now.AddMinutes(30),
        false,                       // deletes cookie when closing browser session.
        oData.GetString(0),          // Data from db with value either "Administrator"
                                     // or "User"
        FormsAuthentication.FormsCookiePath
    );

    In my global.asax I added the code:

    if (HttpContext.Current.User != null)
    {
        if (HttpContext.Current.User.Identity.IsAuthenticated)
        {
            if (HttpContext.Current.User.Identity is FormsIdentity)
            {
                FormsIdentity id =
                    (FormsIdentity)HttpContext.Current.User.Identity;
                FormsAuthenticationTicket ticket = id.Ticket;
                // Get the stored user-data, in this case, the
                string userData = ticket.UserData; // Should contain e.g. "User"
                string[] roles = userData.Split(',');
                HttpContext.Current.User = new GenericPrincipal(id, roles);
            }
        }
    }

    It seems the ticket is created well enough - at least it is possible to
    extract the username with User.Identity.Name, but the role passed as
    userData above seems to be empty.

    Is there any way to see what the role of a current user is - without
    doing an explicit match like

    User.IsInRole("<some role name>")

    I would like to be able to do something similar to

    someLabel.Text = "Your role is: " + User.Identity.Role();

    .... but I cannot find the right way to do it.

    I know this is a lot of code, but can any of you see where I am missing
    something?

    Thanks,

    --
    Jesper Stocholm - http://stocholm.dk
    Copenhagen, Denmark
    Jesper Guest

  2. #2

    Re: Role-based security: Access the role of current user

    John Saunders wrote :
     

    Ehm - how do I do this? My application is not compiled to a complete dll
    using codebehind, but each .aspx.cs-file is compiled (initially) at
    runtime.
     

    I will try that. It seems there is no problem with the userdata contained
    in my ticket, since I am able to write oTicket.UserData to the page and
    get e.g. "Administrator". Also, Page.User.Current.Identity.Name is
    available - just not the role.

    Thanks for your time - I must admit that I am a bit lost with this
    problem, so any help is appreciated.

    :o)

    --
    Jesper Stocholm - http://stocholm.dk
    Copenhagen, Denmark
    Jesper Guest

  3. #3

    Re: Role-based security: Access the role of current user

    "Jesper Stocholm" <invalid> wrote in message
    news:226.1.34... 
    >
    > Ehm - how do I do this? My application is not compiled to a complete dll
    > using codebehind, but each .aspx.cs-file is compiled (initially) at
    > runtime.

    I don't know how you debug code except in codebehind. You could use
    Page.Trace.Write, but I always use codebehind, so I don't know of any other
    way. Try writing out the role in global.asax.
     
    >
    > I will try that. It seems there is no problem with the userdata contained
    > in my ticket, since I am able to write oTicket.UserData to the page and
    > get e.g. "Administrator".

    When do you write it out? In global.asax? The question isn't whether it's
    correct on your login page, but whether it's correct later in global.asax on
    subsequent page requests.
     

    Correct. The roles are only available via IsInRole.
    --
    John Saunders
    Internet Engineer


    John Guest
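
The round trip discussed in this thread, as an added example that is not any poster's code: the login side encrypts the ticket (roles in UserData) into the forms cookie, global.asax rebuilds the principal on each request, and a helper reads the roles back for display, since GenericPrincipal only answers IsInRole. `RoleTicket` and `Global` are hypothetical names; it assumes ASP.NET on .NET Framework with forms authentication enabled in web.config.

```csharp
// Added example (not from the thread). Requires System.Web (.NET Framework).
using System;
using System.Security.Principal;
using System.Web;
using System.Web.Security;

public static class RoleTicket   // hypothetical helper name
{
    // Login page: call after credentials are verified; roles come from the database.
    public static void Issue(HttpResponse response, string userName, string[] roles)
    {
        var ticket = new FormsAuthenticationTicket(
            1, userName, DateTime.Now, DateTime.Now.AddMinutes(30),
            false,                        // session cookie, not persistent
            string.Join(",", roles),      // UserData carries the roles
            FormsAuthentication.FormsCookiePath);

        // The ticket only reaches later requests if it is encrypted into the forms cookie.
        var cookie = new HttpCookie(FormsAuthentication.FormsCookieName,
                                    FormsAuthentication.Encrypt(ticket));
        cookie.HttpOnly = true;                          // not readable from script
        cookie.Secure = FormsAuthentication.RequireSSL;  // follow the web.config setting
        cookie.Path = FormsAuthentication.FormsCookiePath;
        response.Cookies.Add(cookie);
        // Then redirect with Response.Redirect(FormsAuthentication.GetRedirectUrl(userName, false));
        // RedirectFromLoginPage would issue its own ticket with empty UserData.
    }

    // Roles of the given user for display; empty array if not forms-authenticated.
    public static string[] CurrentRoles(IPrincipal user)
    {
        var id = (user == null) ? null : user.Identity as FormsIdentity;
        if (id == null || !id.IsAuthenticated) return new string[0];
        return (id.Ticket.UserData ?? "").Split(new[] { ',' }, StringSplitOptions.RemoveEmptyEntries);
    }
}

public class Global : HttpApplication   // code for global.asax; class name is an assumption
{
    // Runs on every request, after the forms module has decrypted the cookie.
    protected void Application_AuthenticateRequest(object sender, EventArgs e)
    {
        string[] roles = RoleTicket.CurrentRoles(Context.User);
        if (roles.Length > 0)
            Context.User = new GenericPrincipal(Context.User.Identity, roles);
    }
}
```

A page can then write `string.Join(", ", RoleTicket.CurrentRoles(User))` into a label. Roles carried in the ticket stay in effect until it expires, so a role change in the database is not seen for up to 30 minutes, and their integrity depends on the forms `protection` setting remaining at its default of `All`.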
