Assigning roles to a smart card authenticated user

Discussion in 'ASP .Net Security' started by Pdub, Feb 26, 2007.

  1. Pdub

    Pdub Guest

    When accessing our web sites, users must enter their smart card, type in a
    PIN, and then a third party site authenticates and sets a server variable if
    they are valid. My apps take this value
    (request.ServerVariables("HTTP_OURUSERS")) and then compares it to values in
    my database. Based on this I set the role of the user. In classic asp apps
    this was pretty straight forward; I would set a session value containing the
    role and then each page had an include that checked to see if a user had
    permission to access this page.

    I would like to take advantage of the role manager in asp.net but I am very
    confused as to the best way to go about it. In the one asp.net I have done, I
    had 2 roles and used the master page to allow or deny access to each page. My
    new app has 4 roles and a lot more pages. Any advice on the best direction is
    greatly appreciated.
    Pdub, Feb 26, 2007
    #1
    1. Advertising

  2. Pdub

    Joe Kaplan Guest

    Probably the right way to do this would be to implement your own custom role
    provider class that reads this header value and does the database lookup to
    retrieve the roles. This should integrated nicely with both the role
    manager framework and your custom authentication system that you have in
    place. You just derive a class from the RoleProvider base class.

    The important methods to implement are IsUserInRole and GetRolesForUser,
    although you have to override several others as well. Most of the other
    ones you can probably leave with empty method bodies to start with.

    Joe K.

    --
    Joe Kaplan-MS MVP Directory Services Programming
    Co-author of "The .NET Developer's Guide to Directory Services Programming"
    http://www.directoryprogramming.net
    --
    "Pdub" <> wrote in message
    news:...
    > When accessing our web sites, users must enter their smart card, type in a
    > PIN, and then a third party site authenticates and sets a server variable
    > if
    > they are valid. My apps take this value
    > (request.ServerVariables("HTTP_OURUSERS")) and then compares it to values
    > in
    > my database. Based on this I set the role of the user. In classic asp apps
    > this was pretty straight forward; I would set a session value containing
    > the
    > role and then each page had an include that checked to see if a user had
    > permission to access this page.
    >
    > I would like to take advantage of the role manager in asp.net but I am
    > very
    > confused as to the best way to go about it. In the one asp.net I have
    > done, I
    > had 2 roles and used the master page to allow or deny access to each page.
    > My
    > new app has 4 roles and a lot more pages. Any advice on the best direction
    > is
    > greatly appreciated.
    Joe Kaplan, Feb 28, 2007
    #2
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. =?Utf-8?B?bm9vZGxlcw==?=

    Smart Card Authentication

    =?Utf-8?B?bm9vZGxlcw==?=, May 14, 2004, in forum: ASP .Net
    Replies:
    1
    Views:
    2,155
    Steve C. Orr [MVP, MCSD]
    May 14, 2004
  2. HK
    Replies:
    2
    Views:
    589
  3. Techie
    Replies:
    2
    Views:
    985
    Techie
    Dec 30, 2004
  4. Replies:
    1
    Views:
    332
    Steve C. Orr [MVP, MCSD]
    Jun 22, 2006
  5. Abhijit
    Replies:
    0
    Views:
    144
    Abhijit
    Apr 12, 2004
Loading...

Share This Page