Ask a Question related to ASP.NET Security, Design and Development.
-
dave #1
User Roles - Global.asax
I have the following code in global.asax, which picks up a logged in users
roles from a db.
if (not(HttpContext.Current.User is Nothing)) then
if HttpContext.Current.User.Identity.AuthenticationTy pe = "Forms" then
Dim id as System.Web.Security.FormsIdentity
id = HttpContext.Current.User.Identity
SQL = "SELECT dbo.ADMIN_USERS_PERMISSIONS.* "
SQL = SQL & "FROM dbo.ADMIN_USERS_PERMISSIONS "
SQL = SQL & "WHERE
dbo.ADMIN_USERS_PERMISSIONS.USER_TYPE_ID= "
SQL = SQL & "'" &
HttpContext.Current.User.Identity.Name & "'"
con = New
SqlConnection(ConfigurationSettings.AppSettings("D BconnString"))
cmd = New SqlCommand()
cmd.CommandText = SQL
cmd.Connection = con
con.open()
dat = cmd.ExecuteReader(
CommandBehavior.CloseConnection )
if dat.Read() then
for i = 3 to dat.fieldcount -1
if dat(i) = "T"
roleList.Add(
Dat.GetName(i) )
end if
next
end if
dat.Close()
Dim roleListArray As String() =
roleList.ToArray(GetType(String))
HttpContext.Current.User = new
System.Security.Principal.GenericPrincipal(id,role ListArray)
Questions:
Why is it that if I try to run the same code that is currently within
Application_AuthenticateRequest from another sub in say sub setroles() in
login.aspx it doesn't set these roles and no errors are thrown (making me
think it is working, but it aint)?
If it is just not possible to do this sort of thing outside of global.asax's
application_authenication method, then how can I test if a users roles have
been set, so that this code that is calling a DB is not run every time a
request is made to any page within the website, which is what it is doing.
Someone suggest putting this in the session_onstart, but that would mean it
would be fired before the person had even submitted their login details
through login.aspx
And, why cant I get a hold of a session var that I have set within
login.aspx once the user logs in from within global.asax, which is what I
need to determine the user id to collect the data from the DB then set his
permissions?
I cant use user.identity.name (althought that is whats shown in the code
above) to store this id as it being used for another id that I need to keep
a hold of for that's users session?
The only other option I have is to set about 15-20 session vars when the
user logs in and use them to determine a users roles/permissions throughout
other pages, but this seems a bit of a waste when there is something built
into the framework to handle this.
Yours totally confused!
dave Guest
-
Session_Start in Global.asax
Is the Session_Start() sub executed on every request or just when a new users session is started? Thx for the help, stan -
global.asax
Hi all! I've created a simple aspx application and when I run it locally on my pc all works fine. If I move it on the web server I get the... -
Global.asax Inheritance?
I understand how Web.Config inheritance works between a parent application and sub applications under the parent. But what I was wondering was if... -
Global Error handling in Applicatio_Error() of Global.asax
Hi all, For a web application if we are using web farm, and if i want to do Global Error handling can i use Applicatio_Error() method in... -
What is Global.asax?
It's the class file definition code for the Session and Application events - if you have anything that should be done when a user first connects or...
Reply With QuoteSimilar Questions and Discussions
Posting Permissions
- You may not post new threads
- You may post replies
- You may not post attachments
- You may not edit your posts
