Setting Roles with Forms Authentication and Access 2003

G

Guest

Hi

I currently have an asp.NET project. I'm using Access 2003 and forms authentication to authenticate users. Can anyone tell me how to set the roles in asp.NET so that it recognizes them? The logging in portion of my code works...What I need to know is how to allow access to certain pages to users with an administrator role while blocking access to regular users. My database has 3 columns, username, password, and roles. It is the last column that I would like asp.NET to recognize.

Thank you

Ed
 
P

Paul Bobrowski

While I am just starting with ASP.NET, I have used regular ASP so hopefully
this still applies.

In the authentication portion of your code, have it read the role of the
user out of the database and store it in a Session Variable. On the pages
you would like to restrict to Administrator only access, but a check to
verify the user's role that is stored in the Session Variable at the very
beginning of the page load. If the user isn't an Administrator, use the
Redirect to send them into an invalid permissions page or whatever you want
to setup. Finally depending on how your site is designed it would be good
practice to not even show the links to visit the restricted page unless the
Session Variable role is set to an Administator.


Ed said:
Hi,

I currently have an asp.NET project. I'm using Access 2003 and forms
authentication to authenticate users. Can anyone tell me how to set the
roles in asp.NET so that it recognizes them? The logging in portion of my
code works...What I need to know is how to allow access to certain pages to
users with an administrator role while blocking access to regular users. My
database has 3 columns, username, password, and roles. It is the last
column that I would like asp.NET to recognize.
 
J

John Saunders

Ed said:
Hi,

I currently have an asp.NET project. I'm using Access 2003 and forms
authentication to authenticate users. Can anyone tell me how to set the
roles in asp.NET so that it recognizes them? The logging in portion of my
code works...What I need to know is how to allow access to certain pages to
users with an administrator role while blocking access to regular users. My
database has 3 columns, username, password, and roles. It is the last
column that I would like asp.NET to recognize.

The standard way to do this is to get a list of roles out of your database,
however you would do that. You will then save the list (perhaps as
comma-separated values) in the UserData property of the Forms Authentication
ticket. Then, in the AuthenticateRequest handler in global.asax, you'll pull
the list out of UserData and supply it to the GenericPrincipal constructor.
See HOW TO: Implement Role-Based Security with Forms-Based Authentication in
Your ASP.NET Application by Using Visual Basic .NET
(http://support.microsoft.com/default.aspx?scid=kb;en-us;306238) for an
example.
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Members online

No members online now.

Forum statistics

Threads
473,744
Messages
2,569,484
Members
44,903
Latest member
orderPeak8CBDGummies

Latest Threads

Top