D
dave
I have the following code in global.asax, which picks up a logged in users
roles from a db.
if (not(HttpContext.Current.User is Nothing)) then
if HttpContext.Current.User.Identity.AuthenticationType = "Forms" then
Dim id as System.Web.Security.FormsIdentity
id = HttpContext.Current.User.Identity
SQL = "SELECT dbo.ADMIN_USERS_PERMISSIONS.* "
SQL = SQL & "FROM dbo.ADMIN_USERS_PERMISSIONS "
SQL = SQL & "WHERE
dbo.ADMIN_USERS_PERMISSIONS.USER_TYPE_ID= "
SQL = SQL & "'" &
HttpContext.Current.User.Identity.Name & "'"
con = New
SqlConnection(ConfigurationSettings.AppSettings("DBconnString"))
cmd = New SqlCommand()
cmd.CommandText = SQL
cmd.Connection = con
con.open()
dat = cmd.ExecuteReader(
CommandBehavior.CloseConnection )
if dat.Read() then
for i = 3 to dat.fieldcount -1
if dat(i) = "T"
roleList.Add(
Dat.GetName(i) )
end if
next
end if
dat.Close()
Dim roleListArray As String() =
roleList.ToArray(GetType(String))
HttpContext.Current.User = new
System.Security.Principal.GenericPrincipal(id,roleListArray)
Questions:
Why is it that if I try to run the same code that is currently within
Application_AuthenticateRequest from another sub in say sub setroles() in
login.aspx it doesn't set these roles and no errors are thrown (making me
think it is working, but it aint)?
If it is just not possible to do this sort of thing outside of global.asax's
application_authenication method, then how can I test if a users roles have
been set, so that this code that is calling a DB is not run every time a
request is made to any page within the website, which is what it is doing.
Someone suggest putting this in the session_onstart, but that would mean it
would be fired before the person had even submitted their login details
through login.aspx
And, why cant I get a hold of a session var that I have set within
login.aspx once the user logs in from within global.asax, which is what I
need to determine the user id to collect the data from the DB then set his
permissions?
I cant use user.identity.name (althought that is whats shown in the code
above) to store this id as it being used for another id that I need to keep
a hold of for that's users session?
The only other option I have is to set about 15-20 session vars when the
user logs in and use them to determine a users roles/permissions throughout
other pages, but this seems a bit of a waste when there is something built
into the framework to handle this.
Yours totally confused!
roles from a db.
if (not(HttpContext.Current.User is Nothing)) then
if HttpContext.Current.User.Identity.AuthenticationType = "Forms" then
Dim id as System.Web.Security.FormsIdentity
id = HttpContext.Current.User.Identity
SQL = "SELECT dbo.ADMIN_USERS_PERMISSIONS.* "
SQL = SQL & "FROM dbo.ADMIN_USERS_PERMISSIONS "
SQL = SQL & "WHERE
dbo.ADMIN_USERS_PERMISSIONS.USER_TYPE_ID= "
SQL = SQL & "'" &
HttpContext.Current.User.Identity.Name & "'"
con = New
SqlConnection(ConfigurationSettings.AppSettings("DBconnString"))
cmd = New SqlCommand()
cmd.CommandText = SQL
cmd.Connection = con
con.open()
dat = cmd.ExecuteReader(
CommandBehavior.CloseConnection )
if dat.Read() then
for i = 3 to dat.fieldcount -1
if dat(i) = "T"
roleList.Add(
Dat.GetName(i) )
end if
next
end if
dat.Close()
Dim roleListArray As String() =
roleList.ToArray(GetType(String))
HttpContext.Current.User = new
System.Security.Principal.GenericPrincipal(id,roleListArray)
Questions:
Why is it that if I try to run the same code that is currently within
Application_AuthenticateRequest from another sub in say sub setroles() in
login.aspx it doesn't set these roles and no errors are thrown (making me
think it is working, but it aint)?
If it is just not possible to do this sort of thing outside of global.asax's
application_authenication method, then how can I test if a users roles have
been set, so that this code that is calling a DB is not run every time a
request is made to any page within the website, which is what it is doing.
Someone suggest putting this in the session_onstart, but that would mean it
would be fired before the person had even submitted their login details
through login.aspx
And, why cant I get a hold of a session var that I have set within
login.aspx once the user logs in from within global.asax, which is what I
need to determine the user id to collect the data from the DB then set his
permissions?
I cant use user.identity.name (althought that is whats shown in the code
above) to store this id as it being used for another id that I need to keep
a hold of for that's users session?
The only other option I have is to set about 15-20 session vars when the
user logs in and use them to determine a users roles/permissions throughout
other pages, but this seems a bit of a waste when there is something built
into the framework to handle this.
Yours totally confused!