I wrote my own membership provider for the most part it works. However I have added some folders now that I would like to block based on the role that user is in. I can authenticate the user and get my role from the database with the following code. I also know how to block or allow roles in the web.config file <deny roles="Technician" /> but I don't know how to put it all together. How do I block users not in the roll from entering a folder in my asp.net code?
VB Code:
Dim myName, myPass, myRole As String Protected Sub OnAuthenticate( _ ByVal sender As Object, _ ByVal e As AuthenticateEventArgs) CheckAuth(logInControl.UserName, logInControl.Password) If ( _ String.Compare(logInControl.UserName, myName, True) = 0) AndAlso ( _ String.Compare(logInControl.Password, myPass, True) = 0) Then e.Authenticated = True Else e.Authenticated = False End If End Sub Protected Sub CheckAuth(ByVal name As String, ByVal pass As String) Dim con As New SqlConnection( _ ConfigurationManager.ConnectionStrings("myApp").ConnectionString) Dim cmd As New SqlCommand Dim dr As SqlDataReader = Nothing cmd = con.CreateCommand cmd.CommandText = ( _ "SELECT UserName, PassWord, Role " & _ "FROM Users Where UserName = '" & name & _ "' and " & " password= '" & pass & "'") Try con.Open() dr = cmd.ExecuteReader If dr.HasRows Then While dr.Read myName = CStr(dr("UserName")) myPass = CStr(dr("PassWord")) myRole = CStr(dr("UserRole")) End While Else myName = "nope" myPass = "nope" End If Catch ex As Exception Response.Write(ex.ToString) End Try End Sub




Reply With Quote