N
Nick Breau
Hi All,
I'm looking into a Security solution using ASP.NET and C# for an
Enterprise level application. I would like to implement Role based
security with authorization being performed via entries in the
web.config file (non programatically, without having to call the
..IsInRole("blabla"); method.
Evertying has been fine so far.
However, I am also using a frontController (extending IHttpHandler)
and all requests to the server pass throught my custom frontController
and get redirected to the requested page via Server.Transfer.
The problem is that the call to Server.Transfer seems to bypass the
authentication for the page the user is being transfered to. I'm
assuming this is probably by nature due to the way server.transfer
works. Response.Redirect is not an option due to performance reasons.
Does anybody have any suggestions or work arounds for this problem ?
So far it seems to me like I've hit a major roadblock.
thanks,
Nick.
I'm looking into a Security solution using ASP.NET and C# for an
Enterprise level application. I would like to implement Role based
security with authorization being performed via entries in the
web.config file (non programatically, without having to call the
..IsInRole("blabla"); method.
Evertying has been fine so far.
However, I am also using a frontController (extending IHttpHandler)
and all requests to the server pass throught my custom frontController
and get redirected to the requested page via Server.Transfer.
The problem is that the call to Server.Transfer seems to bypass the
authentication for the page the user is being transfered to. I'm
assuming this is probably by nature due to the way server.transfer
works. Response.Redirect is not an option due to performance reasons.
Does anybody have any suggestions or work arounds for this problem ?
So far it seems to me like I've hit a major roadblock.
thanks,
Nick.