IsInRole always returns false?

Discussion in 'ASP .Net Security' started by Dave, Oct 11, 2005.

  1. Dave

    Dave Guest

    Hi,

    I'm using Windows authentication with impersonation turned on, but I wanted
    to pull user roles from my database. Once a person logs in, I want to check
    their roles.

    I have the following code that loads an array of roles for a
    person (hardcoded in this sample, but will be pulled from a database later based
    on the user's identity).
    However, in subsequent pages when I want to show certain links for an
    "Admin", User.IsInRole("Admin") always returns false. Is my implementation
    wrong? I don't want to rely on Windows groups but would rather maintain the
    roles in my db, over which I have more control.

    protected void Application_AuthenticateRequest(Object sender, EventArgs e)
    {
        if (Request.IsAuthenticated)
        {
            //These will eventually be pulled from database's UserRole table...
            string[] arrRoles = new string[]{"Admin", "User"};
            //Add our Principal to the current context
            System.Threading.Thread.CurrentPrincipal =
                new System.Security.Principal.GenericPrincipal(Context.User.Identity, arrRoles);
        }
    }
    Dave, Oct 11, 2005
    #1

  2. Dave

    Dave Guest

    Never mind, I got it by slightly changing the code below to:

    Context.User = new System.Security.Principal.GenericPrincipal(Context.User.Identity, arrRoles);

    "Dave" wrote:

    > Hi,
    >
    > I'm using Windows authentication with impersonation turned on, but I wanted
    > to pull user roles from my database. Once a person logs in, I want to check
    > their roles.
    >
    > I have the following code that loads an array of roles for a
    > person (hardcoded in this sample, but will be pulled from a database later based
    > on the user's identity).
    > However, in subsequent pages when I want to show certain links for an
    > "Admin", User.IsInRole("Admin") always returns false. Is my implementation
    > wrong? I don't want to rely on Windows groups but would rather maintain the
    > roles in my db, over which I have more control.
    >
    > protected void Application_AuthenticateRequest(Object sender, EventArgs e)
    > {
    > if (Request.IsAuthenticated)
    > {
    > //These will eventually be pulled from database's UserRole table...
    > string[] arrRoles = new string[]{"Admin", "User"};
    > //Add our Principal to the current context
    > System.Threading.Thread.CurrentPrincipal = new
    > System.Security.Principal.GenericPrincipal(Context.User.Identity, arrRoles);
    > }
    > }
    Dave, Oct 11, 2005
    #2

  3. Hello Dave,

    Yes - you have to set Context.User.

    After AuthenticateRequest there is an undocumented event called DefaultAuthentication
    which just does this:

    Thread.CurrentPrincipal = Context.User;

    to keep both values in sync - if you set CurrentPrincipal in your event handler
    it will be immediately overwritten.

    ---------------------------------------
    Dominick Baier - DevelopMentor
    http://www.leastprivilege.com

    Dominick Baier [DevelopMentor], Oct 11, 2005
    #3
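
Added example, not part of the original thread or any poster's code: a Global.asax.cs that applies the fix discussed above, assigning database roles through Context.User and confirming in AuthorizeRequest that Thread.CurrentPrincipal reports the same role. The `UserRoles` table, the `GetRolesFor` helper and the CONTOSO accounts are hypothetical, constructed stand-ins for the UserRole table; the code assumes C# 3 or later.

```csharp
// Global.asax.cs - added example, not code from the thread.
using System;
using System.Collections.Generic;
using System.Security.Principal;
using System.Threading;
using System.Web;

public class Global : HttpApplication
{
    // Constructed sample data standing in for the UserRole table.
    // Windows authentication reports names as DOMAIN\user, so match case-insensitively.
    private static readonly Dictionary<string, string[]> UserRoles =
        new Dictionary<string, string[]>(StringComparer.OrdinalIgnoreCase)
        {
            { @"CONTOSO\dave",  new[] { "Admin", "User" } },
            { @"CONTOSO\alice", new[] { "User" } }
        };

    // Hypothetical lookup; replace the body with a parameterized database query.
    private static string[] GetRolesFor(string userName)
    {
        string[] roles;
        // Unknown users get no roles, so every IsInRole check fails closed.
        return UserRoles.TryGetValue(userName, out roles) ? roles : new string[0];
    }

    protected void Application_AuthenticateRequest(object sender, EventArgs e)
    {
        if (!Request.IsAuthenticated) return;

        // Under Windows authentication this is the caller's WindowsIdentity.
        IIdentity identity = Context.User.Identity;

        // Assign Context.User, not Thread.CurrentPrincipal: ASP.NET copies
        // Context.User onto the thread after this event, so a principal set
        // only on the thread would be overwritten.
        Context.User = new GenericPrincipal(identity, GetRolesFor(identity.Name));
    }

    protected void Application_AuthorizeRequest(object sender, EventArgs e)
    {
        // By this stage both views of the caller should carry the database roles.
        bool viaContext = Context.User.IsInRole("Admin");
        bool viaThread = Thread.CurrentPrincipal.IsInRole("Admin");
        if (viaContext != viaThread)
            throw new InvalidOperationException(
                "Context.User and Thread.CurrentPrincipal disagree on the Admin role");
    }
}
```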