D
Dominick Baier
Hi,
i must admin - i don't really understand your logic.
why don't you just call User.IsInRole("role"); ???
another note - the documentation states that your are only allowed to call SetPrincipalPolicy once per AppDomain - maybe something is wrong here...
You only have to call SetPrincipalPolicy if no plumbing has populated Thread.CurrentPrincipal for you (e.g. in a console / winforms app) - but ASP.NET does that.
---
Dominick Baier - DevelopMentor
http://www.leastprivilege.com
nntp://news.microsoft.com/microsoft.public.dotnet.framework.aspnet.security/<[email protected]>
I have an ASP.NET/C# application in which I verify that the current user is a
member of a list of roles before giving them access to particular functions
of the application (read vs update). I am using the IsInRole method of the
IPrincipal object to check for role membership. Currently, I am just
checking the domain/username against a list of domain/usernames, and will
eventually created Groups.
This is working well for all users, except one. Although my application is
correctly identifying this user with the correct domain/username, the
isinrole call returns false.
My code is below:
from the .aspx.cs:
private void Page_Load(object sender, System.EventArgs e)
{
if (!((Security)(Application["security"])).userInRole("edit",
HttpContext.Current.User))
edit = false;
else
edit = true;
}
This code is from a C# object (called "Security") and is called from the
page above:
public Boolean userInRole(String role, IPrincipal principal)
{
Boolean inRole = false;
AppDomain.CurrentDomain.SetPrincipalPolicy(PrincipalPolicy.WindowsPrincipal);
//get users from hashtable
String[] users = (String[])securityRolesMap[role];
//loop through users to see is the current user matches
for(int i=0;i< users.Length;i++)
{
String user = users;
if (principal.IsInRole(users.ToLower()))
{
inRole = true;
break;
}
}
return inRole;
}
Any ideas why this would work okay for everyone except one user?
[microsoft.public.dotnet.framework.aspnet.security]
i must admin - i don't really understand your logic.
why don't you just call User.IsInRole("role"); ???
another note - the documentation states that your are only allowed to call SetPrincipalPolicy once per AppDomain - maybe something is wrong here...
You only have to call SetPrincipalPolicy if no plumbing has populated Thread.CurrentPrincipal for you (e.g. in a console / winforms app) - but ASP.NET does that.
---
Dominick Baier - DevelopMentor
http://www.leastprivilege.com
nntp://news.microsoft.com/microsoft.public.dotnet.framework.aspnet.security/<[email protected]>
I have an ASP.NET/C# application in which I verify that the current user is a
member of a list of roles before giving them access to particular functions
of the application (read vs update). I am using the IsInRole method of the
IPrincipal object to check for role membership. Currently, I am just
checking the domain/username against a list of domain/usernames, and will
eventually created Groups.
This is working well for all users, except one. Although my application is
correctly identifying this user with the correct domain/username, the
isinrole call returns false.
My code is below:
from the .aspx.cs:
private void Page_Load(object sender, System.EventArgs e)
{
if (!((Security)(Application["security"])).userInRole("edit",
HttpContext.Current.User))
edit = false;
else
edit = true;
}
This code is from a C# object (called "Security") and is called from the
page above:
public Boolean userInRole(String role, IPrincipal principal)
{
Boolean inRole = false;
AppDomain.CurrentDomain.SetPrincipalPolicy(PrincipalPolicy.WindowsPrincipal);
//get users from hashtable
String[] users = (String[])securityRolesMap[role];
//loop through users to see is the current user matches
for(int i=0;i< users.Length;i++)
{
String user = users;
if (principal.IsInRole(users.ToLower()))
{
inRole = true;
break;
}
}
return inRole;
}
Any ideas why this would work okay for everyone except one user?
[microsoft.public.dotnet.framework.aspnet.security]