IsInRole problem

[Colin Peters]

Hi,

I have the following problem:

I've implemented role based security and it worked fine on both my local
dev machine and my remote shared host. Now it only works on my dev
machine. My shared host had some unidentified problems but I'm not sure
they are related so I can't really ask them to change something.

So I thought I'd investigate myself. I found by outputing to the page in
the prod environment, that I get the right roles via:

FormsIdentity id =
(FormsIdentity)HttpContext.Current.User.Identity;
FormsAuthenticationTicket ticket = id.Ticket;

// Get the stored user-data, in this case, our roles
string userData = ticket.UserData;
string[] roles = userData.Split(',');

so I know the roles are stored int he cookie OK.

In the Application_AuthenticateRequest method I then use this info thus:
HttpContext.Current.User = new GenericPrincipal(id, roles);

But when I go to retrieve the roles:

Type type = princ.GetType();
FieldInfo field = type.GetField("m_roles", BindingFlags.Instance |
BindingFlags.NonPublic);
String[] roles = (String[]) field.GetValue(princ);


I find that it is empty. Also using User.IsInRole function never returns
true even though I know I have that role from the previous output.

All of the above works fine on my dev machine, so I'm trying to find out
what can have an influence on this. Does the machine.cfg file have any
settings? Can IIS setup make a difference?

I'm rather puzzled, and tempted to write my own version of IsInRole
based upon what I can extract myself from the cookie.

Also, it seems that Session_End is also not firing? I get the impression
that my host has fixed one thing and broken another. What can I check to
give them some proof of what's at fault?

Cheers

 

[Colin Peters]

Session_Start isn't firing either. What's going on? I have

sessionState
mode="InProc"

This is getting plain silly.

 

[Patrick Allmond - Focus Consulting Inc]

Colin - What ever came of this?

Session_Start isn't firing either. What's going on? I have

sessionState
mode="InProc"

This is getting plain silly.

Hi,

I have the following problem:

I've implemented role based security and it worked fine on both my local
dev machine and my remote shared host. Now it only works on my dev
machine. My shared host had some unidentified problems but I'm not sure
they are related so I can't really ask them to change something.

So I thought I'd investigate myself. I found by outputing to the page in
the prod environment, that I get the right roles via:

FormsIdentity id = (FormsIdentity)HttpContext.Current.User.Identity;
FormsAuthenticationTicket ticket = id.Ticket;

// Get the stored user-data, in this case, our roles
string userData = ticket.UserData;
string[] roles = userData.Split(',');

so I know the roles are stored int he cookie OK.

In the Application_AuthenticateRequest method I then use this info thus:
HttpContext.Current.User = new GenericPrincipal(id, roles);

But when I go to retrieve the roles:

Type type = princ.GetType();
FieldInfo field = type.GetField("m_roles", BindingFlags.Instance |
BindingFlags.NonPublic);
String[] roles = (String[]) field.GetValue(princ);


I find that it is empty. Also using User.IsInRole function never returns
true even though I know I have that role from the previous output.

All of the above works fine on my dev machine, so I'm trying to find out
what can have an influence on this. Does the machine.cfg file have any
settings? Can IIS setup make a difference?

I'm rather puzzled, and tempted to write my own version of IsInRole based
upon what I can extract myself from the cookie.

Also, it seems that Session_End is also not firing? I get the impression
that my host has fixed one thing and broken another. What can I check to
give them some proof of what's at fault?

Cheers

 

[KMA]

Patrick,

You have no idea of how my heart leapt when I saw a reply to my
question.....

.... only to find you probably have the same problem.

Progress so far.

It seems that session is screwed up on the host machine. I put DivZero code
in session start and it never gets called. So I'm going to see if the host
can rectify it and if not I'll try another host.

Still, I did learn more about Roles and session.

Thanks for the interest.

Colin - What ever came of this?

Session_Start isn't firing either. What's going on? I have

sessionState
mode="InProc"

This is getting plain silly.

Hi,

I have the following problem:

I've implemented role based security and it worked fine on both my local
dev machine and my remote shared host. Now it only works on my dev
machine. My shared host had some unidentified problems but I'm not sure
they are related so I can't really ask them to change something.

So I thought I'd investigate myself. I found by outputing to the page in
the prod environment, that I get the right roles via:

FormsIdentity id = (FormsIdentity)HttpContext.Current.User.Identity;
FormsAuthenticationTicket ticket = id.Ticket;

// Get the stored user-data, in this case, our roles
string userData = ticket.UserData;
string[] roles = userData.Split(',');

so I know the roles are stored int he cookie OK.

In the Application_AuthenticateRequest method I then use this info thus:
HttpContext.Current.User = new GenericPrincipal(id, roles);

But when I go to retrieve the roles:

Type type = princ.GetType();
FieldInfo field = type.GetField("m_roles", BindingFlags.Instance |
BindingFlags.NonPublic);
String[] roles = (String[]) field.GetValue(princ);


I find that it is empty. Also using User.IsInRole function never returns
true even though I know I have that role from the previous output.

All of the above works fine on my dev machine, so I'm trying to find out
what can have an influence on this. Does the machine.cfg file have any
settings? Can IIS setup make a difference?

I'm rather puzzled, and tempted to write my own version of IsInRole based
upon what I can extract myself from the cookie.

Also, it seems that Session_End is also not firing? I get the impression
that my host has fixed one thing and broken another. What can I check to
give them some proof of what's at fault?

Cheers