Results 1 to 5 of 5

Thread: Add roles to my authentication scheme

  1. #1

    Thread Starter
    Hyperactive Member
    Join Date
    Nov 2005
    Posts
    259

    Add roles to my authentication scheme

    I wrote my own membership provider for the most part it works. However I have added some folders now that I would like to block based on the role that user is in. I can authenticate the user and get my role from the database with the following code. I also know how to block or allow roles in the web.config file <deny roles="Technician" /> but I don't know how to put it all together. How do I block users not in the roll from entering a folder in my asp.net code?

    VB Code:
    1. Dim myName, myPass, myRole As String
    2.     Protected Sub OnAuthenticate( _
    3.         ByVal sender As Object, _
    4.         ByVal e As AuthenticateEventArgs)
    5.  
    6.         CheckAuth(logInControl.UserName, logInControl.Password)
    7.         If ( _
    8.             String.Compare(logInControl.UserName, myName, True) = 0) AndAlso ( _
    9.             String.Compare(logInControl.Password, myPass, True) = 0) Then
    10.             e.Authenticated = True
    11.         Else
    12.             e.Authenticated = False
    13.         End If
    14.     End Sub
    15.     Protected Sub CheckAuth(ByVal name As String, ByVal pass As String)
    16.         Dim con As New SqlConnection( _
    17.             ConfigurationManager.ConnectionStrings("myApp").ConnectionString)
    18.         Dim cmd As New SqlCommand
    19.         Dim dr As SqlDataReader = Nothing
    20.         cmd = con.CreateCommand
    21.         cmd.CommandText = ( _
    22.             "SELECT UserName, PassWord, Role " & _
    23.             "FROM Users Where UserName = '" & name & _
    24.             "' and " & " password= '" & pass & "'")
    25.         Try
    26.             con.Open()
    27.             dr = cmd.ExecuteReader
    28.             If dr.HasRows Then
    29.                 While dr.Read
    30.                     myName = CStr(dr("UserName"))
    31.                     myPass = CStr(dr("PassWord"))
    32.                     myRole = CStr(dr("UserRole"))
    33.                 End While
    34.             Else
    35.                 myName = "nope"
    36.                 myPass = "nope"
    37.             End If
    38.         Catch ex As Exception
    39.             Response.Write(ex.ToString)
    40.         End Try
    41.     End Sub

  2. #2
    I'm about to be a PowerPoster! mendhak's Avatar
    Join Date
    Feb 2002
    Location
    Ulaan Baator GooGoo: Frog
    Posts
    38,170

    Re: Add roles to my authentication scheme

    Use the location node in the web.config to deny access to the folder.

    Code:
    <location path="myfolder">
    <allow roles="admins" />
    <deny users="*" />
    </location>

  3. #3

    Thread Starter
    Hyperactive Member
    Join Date
    Nov 2005
    Posts
    259

    Re: Add roles to my authentication scheme

    mendhak thanks for the reply. The part I am confused about is how to make the application aware that the myRole = CStr(dr("UserRole")) is relevent to whether the user can browse the folder or not.

    In the code above I can refuse the browsing to all folders when the CheckAuth returns a false but how do I set it up so that I can do the same thing for specific folders?

    This seems like it should be a simple thing but I just cannot get my mind around the idea. I think I have to set two levels of authentication. One for the user name and password and then one for roles. Is that correct?

  4. #4
    I'm about to be a PowerPoster! mendhak's Avatar
    Join Date
    Feb 2002
    Location
    Ulaan Baator GooGoo: Frog
    Posts
    38,170

    Re: Add roles to my authentication scheme

    You said you created a custom membership provider, right? Aah, you didn't create a Custom Role Provider did you?

    Right, you'll need to write another class. Your own Custom Role Provider. Implement all the methods that you need. For your specific purposes I believe you will need to implement the "IsUserInRole" and "GetRolesForUser" (something similarly named) methods.

    Then obviously, set your role provider as the default role provider to be used by the application.

  5. #5
    I'm about to be a PowerPoster! mendhak's Avatar
    Join Date
    Feb 2002
    Location
    Ulaan Baator GooGoo: Frog
    Posts
    38,170

    Re: Add roles to my authentication scheme


Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  



Click Here to Expand Forum to Full Width