469,270 Members | 1,026 Online
Bytes | Developer Community
New Post

Home Posts Topics Members FAQ

Post your question to a community of 469,270 developers. It's quick & easy.

Role-based security: Access the role of current user

I have implemented role-based security within my ASP.Net application.
However, it seems the role is not passed to the authentication ticket I
create.

I want to use it to display/hide some content based on the user's role. I
wrote this to do it:

if (HttpContext.Current.User.Identity.IsAuthenticated )
{
plLoggedIn.Visible = true;
liFirstName.Text = HttpContext.Current.User.Identity.Name;
// This condition is causing me problems.
// The condition always returns false, and hence writes
// "user" regardless of what I log on as.
if (HttpContext.Current.User.IsInRole("Administrator" ))
{
liUserRole.Text = "administrator";
}
else
{
liUserRole.Text = "user";
}
}
else
{
plLogin.Visible = true; // if not logged in, show login-form
}

I create my ticket as:

FormsAuthenticationTicket oTicket = new FormsAuthenticationTicket(
1,
txtUserName.Text, //user name from form
DateTime.Now,
DateTime.Now.AddMinutes(30),
false, //deletes cookie when closing browser session.
oData.GetString(0), //Data from db with value either "Administrator"
//or "User"
FormsAuthentication.FormsCookiePath
);

In my global.asax I added the code:

if (HttpContext.Current.User != null)
{
if (HttpContext.Current.User.Identity.IsAuthenticated )
{
if (HttpContext.Current.User.Identity is FormsIdentity)
{
FormsIdentity id =
(FormsIdentity)HttpContext.Current.User.Identity;
FormsAuthenticationTicket ticket = id.Ticket;
// Get the stored user-data, in this case, the
string userData = ticket.UserData; //Should contain e.g. "User"
string[] roles = userData.Split(',');
HttpContext.Current.User = new GenericPrincipal(id, roles);
}
}
}

It seems the ticket is created well enough - at least it is possible to
extract the username with User.Identity.Name, but the role passed as
userData above seems to be empty.

Is there any way to see what the role of a current user is - without
doing a explicit match like

User.IsInRole("<some role name>")

I would like to be able to do something similar to

someLabel.Text = "Your role is: " + User.Identity.Role();

.... but I cannot find the right way to do it.

I know this is a lot of code, but can any of you see where I am missing
something?

Thanks,

--
Jesper Stocholm - http://stocholm.dk
Copenhagen, Denmark
Nov 17 '05 #1
2 2709
John Saunders wrote :
Jesper,

I don't see anything wrong in your code.

Have you checked in the debugger to see that the role is always
present in global.asax?
Ehm - how do I do this? My application is not compiled to a complete dll
using codebehind, but each .aspx.cs-file is compiled (initially) at
runtime.
Another experiment might be to create your
GenericPrincipal with a new Identity, just to see if this new Identity
makes it as far as the Page_Load of one of your pages.


I will try that. It seems there is no problem with the userdata contained
in my ticket, since I am able to write oTicket.UserData to the page and
get e.g. "Administrator". Also, Page.User.Current.Identity.Name is
available - just not the role.

Thanks for your time - I must admit that I am a bit lost with this
problem, so any help is appreciated.

:o)

--
Jesper Stocholm - http://stocholm.dk
Copenhagen, Denmark
Nov 17 '05 #2
"Jesper Stocholm" <je*****@stocholm.invalid> wrote in message
news:Xn************************@130.226.1.34...
John Saunders wrote :
Jesper,

I don't see anything wrong in your code.

Have you checked in the debugger to see that the role is always
present in global.asax?
Ehm - how do I do this? My application is not compiled to a complete dll
using codebehind, but each .aspx.cs-file is compiled (initially) at
runtime.


I don't know how you debug code except in codebehind. You could use
Page.Trace.Write, but I always use codebehind, so I don't know of any other
way. Try writing out the role in global.asax.
Another experiment might be to create your
GenericPrincipal with a new Identity, just to see if this new Identity
makes it as far as the Page_Load of one of your pages.


I will try that. It seems there is no problem with the userdata contained
in my ticket, since I am able to write oTicket.UserData to the page and
get e.g. "Administrator".


When do you write it out? In global.asax? The question isn't whether it's
correct on your login page, but whether it's correct later in global.asax on
subsequent page requests.
Also, Page.User.Current.Identity.Name is
available - just not the role.


Correct. The roles are only available via IsInRole.
--
John Saunders
Internet Engineer
jo***********@surfcontrol.com
Nov 17 '05 #3

This discussion thread is closed

Replies have been disabled for this discussion.

Similar topics

5 posts views Thread by Dave Kolb | last post: by
3 posts views Thread by John Dalberg | last post: by
reply views Thread by shapper | last post: by
1 post views Thread by CARIGAR | last post: by
reply views Thread by zhoujie | last post: by
reply views Thread by suresh191 | last post: by
By using this site, you agree to our Privacy Policy and Terms of Use.