Role-based security: Access the role of current user

Discussion in 'ASP .Net' started by Jesper Stocholm, Aug 23, 2003.

  1. I have implemented role-based security within my ASP.Net application.
    However, it seems the role is not passed to the authentication ticket I
    create.

    I want to use it to display/hide some content based on the user's role. I
    wrote this to do it:

    if (HttpContext.Current.User.Identity.IsAuthenticated)
    {
    plLoggedIn.Visible = true;
    liFirstName.Text = HttpContext.Current.User.Identity.Name;
    // This condition is causing me problems.
    // The condition always returns false, and hence writes
    // "user" regardless of what I log on as.
    if (HttpContext.Current.User.IsInRole("Administrator"))
    {
    liUserRole.Text = "administrator";
    }
    else
    {
    liUserRole.Text = "user";
    }
    }
    else
    {
    plLogin.Visible = true; // if not logged in, show login-form
    }

    I create my ticket as:

    FormsAuthenticationTicket oTicket = new FormsAuthenticationTicket(
    1,
    txtUserName.Text, //user name from form
    DateTime.Now,
    DateTime.Now.AddMinutes(30),
    false, //deletes cookie when closing browser session.
    oData.GetString(0), //Data from db with value either "Administrator"
    //or "User"
    FormsAuthentication.FormsCookiePath
    );

    In my global.asax I added the code:

    if (HttpContext.Current.User != null)
    {
    if (HttpContext.Current.User.Identity.IsAuthenticated)
    {
    if (HttpContext.Current.User.Identity is FormsIdentity)
    {
    FormsIdentity id =
    (FormsIdentity)HttpContext.Current.User.Identity;
    FormsAuthenticationTicket ticket = id.Ticket;
    // Get the stored user-data, in this case, the
    string userData = ticket.UserData; //Should contain e.g. "User"
    string[] roles = userData.Split(',');
    HttpContext.Current.User = new GenericPrincipal(id, roles);
    }
    }
    }

    It seems the ticket is created well enough - at least it is possible to
    extract the username with User.Identity.Name, but the role passed as
    userData above seems to be empty.

    Is there any way to see what the role of a current user is - without
    doing a explicit match like

    User.IsInRole("<some role name>")

    I would like to be able to do something similar to

    someLabel.Text = "Your role is: " + User.Identity.Role();

    .... but I cannot find the right way to do it.

    I know this is a lot of code, but can any of you see where I am missing
    something?

    Thanks,

    --
    Jesper Stocholm - http://stocholm.dk
    Copenhagen, Denmark
     
    Jesper Stocholm, Aug 23, 2003
    #1
    1. Advertising

  2. John Saunders wrote :

    > Jesper,
    >
    > I don't see anything wrong in your code.
    >
    > Have you checked in the debugger to see that the role is always
    > present in global.asax?


    Ehm - how do I do this? My application is not compiled to a complete dll
    using codebehind, but each .aspx.cs-file is compiled (initially) at
    runtime.

    > Another experiment might be to create your
    > GenericPrincipal with a new Identity, just to see if this new Identity
    > makes it as far as the Page_Load of one of your pages.


    I will try that. It seems there is no problem with the userdata contained
    in my ticket, since I am able to write oTicket.UserData to the page and
    get e.g. "Administrator". Also, Page.User.Current.Identity.Name is
    available - just not the role.

    Thanks for your time - I must admit that I am a bit lost with this
    problem, so any help is appreciated.

    :eek:)

    --
    Jesper Stocholm - http://stocholm.dk
    Copenhagen, Denmark
     
    Jesper Stocholm, Aug 23, 2003
    #2
    1. Advertising

  3. "Jesper Stocholm" <> wrote in message
    news:Xns93E0A5C86B133stocholmdk@130.226.1.34...
    > John Saunders wrote :
    >
    > > Jesper,
    > >
    > > I don't see anything wrong in your code.
    > >
    > > Have you checked in the debugger to see that the role is always
    > > present in global.asax?

    >
    > Ehm - how do I do this? My application is not compiled to a complete dll
    > using codebehind, but each .aspx.cs-file is compiled (initially) at
    > runtime.


    I don't know how you debug code except in codebehind. You could use
    Page.Trace.Write, but I always use codebehind, so I don't know of any other
    way. Try writing out the role in global.asax.

    > > Another experiment might be to create your
    > > GenericPrincipal with a new Identity, just to see if this new Identity
    > > makes it as far as the Page_Load of one of your pages.

    >
    > I will try that. It seems there is no problem with the userdata contained
    > in my ticket, since I am able to write oTicket.UserData to the page and
    > get e.g. "Administrator".


    When do you write it out? In global.asax? The question isn't whether it's
    correct on your login page, but whether it's correct later in global.asax on
    subsequent page requests.

    > Also, Page.User.Current.Identity.Name is
    > available - just not the role.


    Correct. The roles are only available via IsInRole.
    --
    John Saunders
    Internet Engineer
     
    John Saunders, Aug 23, 2003
    #3
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Liet Kynes
    Replies:
    0
    Views:
    517
    Liet Kynes
    Nov 26, 2003
  2. Boris Condarco

    Custom Role Based Security

    Boris Condarco, Nov 28, 2003, in forum: ASP .Net
    Replies:
    2
    Views:
    862
    Tommy
    Nov 28, 2003
  3. sean

    Role Based Security

    sean, May 27, 2004, in forum: ASP .Net
    Replies:
    1
    Views:
    358
    Steve C. Orr [MVP, MCSD]
    May 27, 2004
  4. Scott Natwick

    Role-based security

    Scott Natwick, Oct 22, 2004, in forum: ASP .Net
    Replies:
    6
    Views:
    399
    Scott Natwick
    Oct 24, 2004
  5. Kursat
    Replies:
    1
    Views:
    331
    Dominick Baier
    May 7, 2007
Loading...

Share This Page