IsInRole problem

Discussion in 'ASP .Net Security' started by Colin Peters, Oct 28, 2005.

  1. Colin Peters

    Colin Peters Guest

    Hi,

    I have the following problem:

    I've implemented role based security and it worked fine on both my local
    dev machine and my remote shared host. Now it only works on my dev
    machine. My shared host had some unidentified problems but I'm not sure
    they are related so I can't really ask them to change something.

    So I thought I'd investigate myself. I found by outputing to the page in
    the prod environment, that I get the right roles via:

    FormsIdentity id =
    (FormsIdentity)HttpContext.Current.User.Identity;
    FormsAuthenticationTicket ticket = id.Ticket;

    // Get the stored user-data, in this case, our roles
    string userData = ticket.UserData;
    string[] roles = userData.Split(',');

    so I know the roles are stored int he cookie OK.

    In the Application_AuthenticateRequest method I then use this info thus:
    HttpContext.Current.User = new GenericPrincipal(id, roles);

    But when I go to retrieve the roles:

    Type type = princ.GetType();
    FieldInfo field = type.GetField("m_roles", BindingFlags.Instance |
    BindingFlags.NonPublic);
    String[] roles = (String[]) field.GetValue(princ);


    I find that it is empty. Also using User.IsInRole function never returns
    true even though I know I have that role from the previous output.

    All of the above works fine on my dev machine, so I'm trying to find out
    what can have an influence on this. Does the machine.cfg file have any
    settings? Can IIS setup make a difference?

    I'm rather puzzled, and tempted to write my own version of IsInRole
    based upon what I can extract myself from the cookie.

    Also, it seems that Session_End is also not firing? I get the impression
    that my host has fixed one thing and broken another. What can I check to
    give them some proof of what's at fault?

    Cheers
     
    Colin Peters, Oct 28, 2005
    #1
    1. Advertising

  2. Colin Peters

    Colin Peters Guest

    Session_Start isn't firing either. What's going on? I have

    sessionState
    mode="InProc"

    This is getting plain silly.

    Colin Peters wrote:

    > Hi,
    >
    > I have the following problem:
    >
    > I've implemented role based security and it worked fine on both my local
    > dev machine and my remote shared host. Now it only works on my dev
    > machine. My shared host had some unidentified problems but I'm not sure
    > they are related so I can't really ask them to change something.
    >
    > So I thought I'd investigate myself. I found by outputing to the page in
    > the prod environment, that I get the right roles via:
    >
    > FormsIdentity id = (FormsIdentity)HttpContext.Current.User.Identity;
    > FormsAuthenticationTicket ticket = id.Ticket;
    >
    > // Get the stored user-data, in this case, our roles
    > string userData = ticket.UserData;
    > string[] roles = userData.Split(',');
    >
    > so I know the roles are stored int he cookie OK.
    >
    > In the Application_AuthenticateRequest method I then use this info thus:
    > HttpContext.Current.User = new GenericPrincipal(id, roles);
    >
    > But when I go to retrieve the roles:
    >
    > Type type = princ.GetType();
    > FieldInfo field = type.GetField("m_roles", BindingFlags.Instance |
    > BindingFlags.NonPublic);
    > String[] roles = (String[]) field.GetValue(princ);
    >
    >
    > I find that it is empty. Also using User.IsInRole function never returns
    > true even though I know I have that role from the previous output.
    >
    > All of the above works fine on my dev machine, so I'm trying to find out
    > what can have an influence on this. Does the machine.cfg file have any
    > settings? Can IIS setup make a difference?
    >
    > I'm rather puzzled, and tempted to write my own version of IsInRole
    > based upon what I can extract myself from the cookie.
    >
    > Also, it seems that Session_End is also not firing? I get the impression
    > that my host has fixed one thing and broken another. What can I check to
    > give them some proof of what's at fault?
    >
    > Cheers
     
    Colin Peters, Oct 28, 2005
    #2
    1. Advertising

  3. Colin - What ever came of this?

    "Colin Peters" <> wrote in message
    news:43628e35$...
    > Session_Start isn't firing either. What's going on? I have
    >
    > sessionState
    > mode="InProc"
    >
    > This is getting plain silly.
    >
    > Colin Peters wrote:
    >
    >> Hi,
    >>
    >> I have the following problem:
    >>
    >> I've implemented role based security and it worked fine on both my local
    >> dev machine and my remote shared host. Now it only works on my dev
    >> machine. My shared host had some unidentified problems but I'm not sure
    >> they are related so I can't really ask them to change something.
    >>
    >> So I thought I'd investigate myself. I found by outputing to the page in
    >> the prod environment, that I get the right roles via:
    >>
    >> FormsIdentity id = (FormsIdentity)HttpContext.Current.User.Identity;
    >> FormsAuthenticationTicket ticket = id.Ticket;
    >>
    >> // Get the stored user-data, in this case, our roles
    >> string userData = ticket.UserData;
    >> string[] roles = userData.Split(',');
    >>
    >> so I know the roles are stored int he cookie OK.
    >>
    >> In the Application_AuthenticateRequest method I then use this info thus:
    >> HttpContext.Current.User = new GenericPrincipal(id, roles);
    >>
    >> But when I go to retrieve the roles:
    >>
    >> Type type = princ.GetType();
    >> FieldInfo field = type.GetField("m_roles", BindingFlags.Instance |
    >> BindingFlags.NonPublic);
    >> String[] roles = (String[]) field.GetValue(princ);
    >>
    >>
    >> I find that it is empty. Also using User.IsInRole function never returns
    >> true even though I know I have that role from the previous output.
    >>
    >> All of the above works fine on my dev machine, so I'm trying to find out
    >> what can have an influence on this. Does the machine.cfg file have any
    >> settings? Can IIS setup make a difference?
    >>
    >> I'm rather puzzled, and tempted to write my own version of IsInRole based
    >> upon what I can extract myself from the cookie.
    >>
    >> Also, it seems that Session_End is also not firing? I get the impression
    >> that my host has fixed one thing and broken another. What can I check to
    >> give them some proof of what's at fault?
    >>
    >> Cheers
     
    Patrick Allmond - Focus Consulting Inc, Nov 9, 2005
    #3
  4. Colin Peters

    KMA Guest

    Patrick,

    You have no idea of how my heart leapt when I saw a reply to my
    question.....

    .... only to find you probably have the same problem.

    Progress so far.

    It seems that session is screwed up on the host machine. I put DivZero code
    in session start and it never gets called. So I'm going to see if the host
    can rectify it and if not I'll try another host.

    Still, I did learn more about Roles and session.

    Thanks for the interest.

    "Patrick Allmond - Focus Consulting Inc" <> wrote
    in message news:...
    > Colin - What ever came of this?
    >
    > "Colin Peters" <> wrote in message
    > news:43628e35$...
    > > Session_Start isn't firing either. What's going on? I have
    > >
    > > sessionState
    > > mode="InProc"
    > >
    > > This is getting plain silly.
    > >
    > > Colin Peters wrote:
    > >
    > >> Hi,
    > >>
    > >> I have the following problem:
    > >>
    > >> I've implemented role based security and it worked fine on both my

    local
    > >> dev machine and my remote shared host. Now it only works on my dev
    > >> machine. My shared host had some unidentified problems but I'm not sure
    > >> they are related so I can't really ask them to change something.
    > >>
    > >> So I thought I'd investigate myself. I found by outputing to the page

    in
    > >> the prod environment, that I get the right roles via:
    > >>
    > >> FormsIdentity id = (FormsIdentity)HttpContext.Current.User.Identity;
    > >> FormsAuthenticationTicket ticket = id.Ticket;
    > >>
    > >> // Get the stored user-data, in this case, our roles
    > >> string userData = ticket.UserData;
    > >> string[] roles = userData.Split(',');
    > >>
    > >> so I know the roles are stored int he cookie OK.
    > >>
    > >> In the Application_AuthenticateRequest method I then use this info

    thus:
    > >> HttpContext.Current.User = new GenericPrincipal(id, roles);
    > >>
    > >> But when I go to retrieve the roles:
    > >>
    > >> Type type = princ.GetType();
    > >> FieldInfo field = type.GetField("m_roles", BindingFlags.Instance |
    > >> BindingFlags.NonPublic);
    > >> String[] roles = (String[]) field.GetValue(princ);
    > >>
    > >>
    > >> I find that it is empty. Also using User.IsInRole function never

    returns
    > >> true even though I know I have that role from the previous output.
    > >>
    > >> All of the above works fine on my dev machine, so I'm trying to find

    out
    > >> what can have an influence on this. Does the machine.cfg file have any
    > >> settings? Can IIS setup make a difference?
    > >>
    > >> I'm rather puzzled, and tempted to write my own version of IsInRole

    based
    > >> upon what I can extract myself from the cookie.
    > >>
    > >> Also, it seems that Session_End is also not firing? I get the

    impression
    > >> that my host has fixed one thing and broken another. What can I check

    to
    > >> give them some proof of what's at fault?
    > >>
    > >> Cheers

    >
    >
     
    KMA, Nov 10, 2005
    #4
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. arjun

    isInRole Problem

    arjun, Nov 28, 2004, in forum: ASP .Net
    Replies:
    5
    Views:
    3,641
    arjun
    Nov 30, 2004
  2. =?Utf-8?B?UGV0ZXI=?=

    problem with .IsInRole

    =?Utf-8?B?UGV0ZXI=?=, Jan 25, 2005, in forum: ASP .Net
    Replies:
    0
    Views:
    426
    =?Utf-8?B?UGV0ZXI=?=
    Jan 25, 2005
  3. =?Utf-8?B?RGF2ZQ==?=

    IsInRole problem?

    =?Utf-8?B?RGF2ZQ==?=, Mar 24, 2005, in forum: ASP .Net
    Replies:
    2
    Views:
    2,174
    Elton Wang
    Mar 25, 2005
  4. =?Utf-8?B?SnVsaWE=?=

    IsInRole problem

    =?Utf-8?B?SnVsaWE=?=, Dec 4, 2006, in forum: ASP .Net
    Replies:
    1
    Views:
    328
    Patrick.O.Ige
    Dec 5, 2006
  5. Jim McLeod

    ASP.NET Context.User.IsInRole XP Problem

    Jim McLeod, Jun 7, 2004, in forum: ASP .Net Security
    Replies:
    0
    Views:
    151
    Jim McLeod
    Jun 7, 2004
Loading...

Share This Page