User.IsInRole not redirecting

Discussion in 'ASP .Net Security' started by Bob Erwin, Nov 21, 2003.

  1. Bob Erwin

    Bob Erwin Guest

    Hi there,

    I have been reading up on Authorization and role based security for a couple
    of days now, and am trying to implement this in my applications.

    I'm having a problem with my roles being recognized by using the
    user.isinrole("test") on the redirected page after the Login.

    For instance, here is my code after I log into the page:


    Dim test() As String = {"OEM", "test"}
    HttpContext.Current.User = New GenericPrincipal(User.Identity, test)
    FormsAuthentication.RedirectFromLoginPage(txtUsername.Text, False)

    At this point if I break at the formsAuthentication.....I watch the
    User.isinrole("test") it shows up true, however, when I get redirected to
    the webform1.aspx page and also watch user.isinrole("test") then it is
    false.

    I'm really confused on what I need to do...I've tried the
    Threading.currentprincipal = new genericPrincipal(User.Identity, test) and
    that didn't work as well. The User.identity.isauthenticated does come over
    and also the User.identity.name comes over, it is just the
    user.isinrole("test") that does not come over.

    Any thoughts?

    Your help is greatly appreciated...

    Thanks,
    Bob
    Bob Erwin, Nov 21, 2003
    #1

  2. Bob Erwin

    Paul Glavich Guest

    You need to associate your principal with associated roles for each request
    that comes in. Once you have authenticated and redirected, typically all
    that will be passed along (automatically that is) is that the user has been
    authenticated. A common way of carrying the roles across multiple requests
    is, once authenticated, store the roles in the cookie that is issued to the
    client. Each request that comes in (via the Application_AuthenticateRequest
    event in Global.asax), you extract the roles, create your generic principal
    with the extracted roles, and associate that generic principal with the
    current context. When doing this, you should also remember to encrypt the
    cookie.

    --
    - Paul Glavich

    Paul Glavich, Nov 22, 2003
    #2

  3. Bob Erwin

    Bob Erwin Guest

    Hey Paul,

    Thanks for the response. I still have a question with this though. Yes you
    are correct that the authenticated user info is passed along automatically
    for me. So are you saying that Generic Principals associated with that
    identity are *not* passed? Does that mean that I need to create a new
    generic principal and populate it each time I re-direct to a new page?

    Thanks,
    Bob

    Bob Erwin, Dec 1, 2003
    #3
  4. Bob Erwin

    Bob Erwin Guest

    Hey,

    Never mind my last post. I was able to get this working based on the
    information you had provided.

    Just for those who are trying to do the same thing, I referenced:
    http://www.codeproject.com/aspnet/formsroleauth.asp as well as other Deja
    Articles.

    And here is my code below:

    'in my login button code
    .........
        ' UserRoles is expected to be a "|"-delimited string; it travels in the ticket's UserData
        Dim AuthTicket As New FormsAuthenticationTicket(1, oUserInfo.EmailAddress, _
            DateTime.Now, DateTime.Now.AddMinutes(30), False, oUserInfo.UserRoles, _
            FormsAuthentication.FormsCookiePath)
        ' Encrypt() protects the ticket according to the <forms protection> setting
        Dim hash As String = FormsAuthentication.Encrypt(AuthTicket)
        Dim cookie As New HttpCookie(FormsAuthentication.FormsCookieName, hash)
        Response.Cookies.Add(cookie)
        Response.Redirect(FormsAuthentication.GetRedirectUrl(oUserInfo.EmailAddress, _
            False), False)
    End Sub

    'in Global.asax (Imports System.Security.Principal, System.Web.Security)
    Sub Application_AuthenticateRequest(ByVal sender As Object, ByVal e As EventArgs)
        ' Fires upon attempting to authenticate the user
        If Request.IsAuthenticated Then
            ' Only a forms-authenticated request carries a ticket with roles
            If TypeOf User.Identity Is FormsIdentity Then
                Dim id As FormsIdentity = DirectCast(User.Identity, FormsIdentity)
                Dim AuthTicket As FormsAuthenticationTicket = id.Ticket
                ' Roles were stored in UserData at login, separated by "|"
                Dim roles As String = AuthTicket.UserData
                Dim RoleArray As String() = Split(roles, "|")
                HttpContext.Current.User = New GenericPrincipal(id, RoleArray)
            End If
        End If
    End Sub

    Thanks for your help...

    Bob

    Bob Erwin, Dec 2, 2003
    #4
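
Paul's advice to encrypt the cookie is carried out by FormsAuthentication.Encrypt, which applies whatever the protection attribute of the forms element in web.config says. The fragment below is an added example, not taken from any post in this thread; Login.aspx and the Admin path are assumed names, the 30-minute timeout mirrors the ticket lifetime in the code above, and OEM is the role name from the original question.

```xml
<!-- Added example: constructed web.config fragment, not from the thread. -->
<configuration>
  <system.web>
    <authentication mode="Forms">
      <!-- Weak: protection="None" leaves the ticket, including the roles in
           UserData, neither encrypted nor validated, so the server cannot
           tell whether the role list it reads back is the one it issued.
      <forms name=".ASPXAUTH" loginUrl="Login.aspx" protection="None"
             timeout="30" path="/" />
      -->
      <!-- Corrected: "All" (the default) both encrypts and validates the
           ticket, so an altered cookie fails to decrypt into a valid ticket. -->
      <forms name=".ASPXAUTH" loginUrl="Login.aspx" protection="All"
             timeout="30" path="/" />
    </authentication>
    <authorization>
      <!-- Anonymous users are sent to the login page. -->
      <deny users="?" />
    </authorization>
  </system.web>

  <!-- URL authorization runs after Application_AuthenticateRequest, so the
       roles it checks are those of the GenericPrincipal rebuilt there.
       The "Admin" folder is an assumed path. -->
  <location path="Admin">
    <system.web>
      <authorization>
        <allow roles="OEM" />
        <deny users="*" />
      </authorization>
    </system.web>
  </location>
</configuration>
```

With this in place, a request to the Admin folder is refused unless the per-request handler has attached a principal whose roles include OEM, which is the same check User.IsInRole("OEM") performs in page code.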