-
Sep 24th, 2008, 08:14 PM
#1
Thread Starter
Hyperactive Member
Add roles to my authentication scheme
I wrote my own membership provider, and for the most part it works. However, I have now added some folders that I would like to block based on the role that the user is in. I can authenticate the user and get my role from the database with the following code. I also know how to block or allow roles in the web.config file <deny roles="Technician" /> but I don't know how to put it all together. How do I block users not in the role from entering a folder in my asp.net code?
VB Code:
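Imports System.Configuration
Imports System.Data.SqlClient

Dim myName, myPass, myRole As String

Protected Sub OnAuthenticate( _
        ByVal sender As Object, _
        ByVal e As AuthenticateEventArgs)
    CheckAuth(logInControl.UserName, logInControl.Password)
    ' The user name is compared case-insensitively, the password case-sensitively.
    ' myName stays Nothing when CheckAuth found no matching row.
    If myName IsNot Nothing AndAlso ( _
        String.Compare(logInControl.UserName, myName, True) = 0) AndAlso ( _
        String.Compare(logInControl.Password, myPass, False) = 0) Then
        e.Authenticated = True
    Else
        e.Authenticated = False
    End If
End Sub

Protected Sub CheckAuth(ByVal name As String, ByVal pass As String)
    ' Start from "no match" so that no fixed sentinel value can be typed in as a login.
    myName = Nothing
    myPass = Nothing
    myRole = Nothing
    Try
        Using con As New SqlConnection( _
                ConfigurationManager.ConnectionStrings("myApp").ConnectionString)
            Using cmd As SqlCommand = con.CreateCommand()
                ' Parameters keep the login input out of the SQL text.
                ' Role is aliased so the dr("UserRole") lookup below matches the SELECT list.
                cmd.CommandText = ( _
                    "SELECT UserName, PassWord, Role AS UserRole " & _
                    "FROM Users WHERE UserName = @name " & _
                    "AND password = @pass")
                cmd.Parameters.AddWithValue("@name", name)
                cmd.Parameters.AddWithValue("@pass", pass)
                con.Open()
                Using dr As SqlDataReader = cmd.ExecuteReader()
                    While dr.Read()
                        myName = CStr(dr("UserName"))
                        myPass = CStr(dr("PassWord"))
                        myRole = CStr(dr("UserRole"))
                    End While
                End Using
            End Using
        End Using
    Catch ex As Exception
        ' Writes the full exception text into the page output.
        Response.Write(ex.ToString)
    End Try
End Sub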
-
Sep 25th, 2008, 02:41 PM
#2
Re: Add roles to my authentication scheme
Use the location node in the web.config to deny access to the folder.
Code:
<location path="myfolder">
  <system.web>
    <authorization>
      <allow roles="admins" />
      <deny users="*" />
    </authorization>
  </system.web>
</location>
-
Sep 25th, 2008, 03:20 PM
#3
Thread Starter
Hyperactive Member
Re: Add roles to my authentication scheme
mendhak, thanks for the reply. The part I am confused about is how to make the application aware that the myRole = CStr(dr("UserRole")) is relevant to whether the user can browse the folder or not.
In the code above I can refuse the browsing to all folders when the CheckAuth returns a false, but how do I set it up so that I can do the same thing for specific folders?
This seems like it should be a simple thing but I just cannot get my mind around the idea. I think I have to set two levels of authentication. One for the user name and password and then one for roles. Is that correct?
-
Sep 25th, 2008, 10:22 PM
#4
Re: Add roles to my authentication scheme
You said you created a custom membership provider, right? Aah, you didn't create a Custom Role Provider did you?
Right, you'll need to write another class. Your own Custom Role Provider. Implement all the methods that you need. For your specific purposes I believe you will need to implement the "IsUserInRole" and "GetRolesForUser" (something similarly named) methods.
Then obviously, set your role provider as the default role provider to be used by the application.
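A minimal custom role provider of the kind post #4 describes, as an added example that is not part of the original thread. The class name UsersTableRoleProvider is hypothetical, and the code assumes the Users table holds one role per user in UserName and Role columns, reached through the "myApp" connection string from the first post.

```vb
Imports System
Imports System.Configuration
Imports System.Data.SqlClient
Imports System.Web.Security

' Added example: class name, one-role-per-user layout and column names are assumptions.
Public Class UsersTableRoleProvider
    Inherits RoleProvider
    Private _appName As String
    Public Overrides Property ApplicationName() As String
        Get
            Return _appName
        End Get
        Set(ByVal value As String)
            _appName = value
        End Set
    End Property

    ' Looks the role up by user name only; the password was already checked at login.
    Public Overrides Function GetRolesForUser(ByVal username As String) As String()
        Using con As New SqlConnection( _
                ConfigurationManager.ConnectionStrings("myApp").ConnectionString)
            Using cmd As New SqlCommand("SELECT Role FROM Users WHERE UserName = @name", con)
                cmd.Parameters.AddWithValue("@name", username)
                con.Open()
                Dim role As Object = cmd.ExecuteScalar()
                If role Is Nothing OrElse role Is DBNull.Value Then Return New String() {}
                Return New String() {CStr(role)}
            End Using
        End Using
    End Function

    Public Overrides Function IsUserInRole(ByVal username As String, ByVal roleName As String) As Boolean
        For Each r As String In GetRolesForUser(username)
            If String.Equals(r, roleName, StringComparison.OrdinalIgnoreCase) Then Return True
        Next
        Return False
    End Function

    ' Role management is not needed for URL authorization, so these members refuse the call.
    Public Overrides Sub AddUsersToRoles(ByVal usernames() As String, ByVal roleNames() As String) : Throw New NotSupportedException() : End Sub
    Public Overrides Sub CreateRole(ByVal roleName As String) : Throw New NotSupportedException() : End Sub
    Public Overrides Function DeleteRole(ByVal roleName As String, ByVal throwOnPopulatedRole As Boolean) As Boolean : Throw New NotSupportedException() : End Function
    Public Overrides Function FindUsersInRole(ByVal roleName As String, ByVal usernameToMatch As String) As String() : Throw New NotSupportedException() : End Function
    Public Overrides Function GetAllRoles() As String() : Throw New NotSupportedException() : End Function
    Public Overrides Function GetUsersInRole(ByVal roleName As String) As String() : Throw New NotSupportedException() : End Function
    Public Overrides Sub RemoveUsersFromRoles(ByVal usernames() As String, ByVal roleNames() As String) : Throw New NotSupportedException() : End Sub
    Public Overrides Function RoleExists(ByVal roleName As String) As Boolean : Throw New NotSupportedException() : End Function
End Class
```

To make it the default, register the class in web.config under <roleManager enabled="true" defaultProvider="UsersTableRoleProvider"> with a matching <providers><add name="UsersTableRoleProvider" type="UsersTableRoleProvider" /></providers> entry. The <allow roles="..."> and <deny roles="..."> rules for a folder are then evaluated against what GetRolesForUser returns for the logged-in user.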
-
Sep 25th, 2008, 10:23 PM
#5
Re: Add roles to my authentication scheme