Principal object

where is the place to attach principal object to identity.

global file
and is it necessary to attach each time user roles to principal object..

amit
Nov 18 '05 #1
application_authenticaterequest

and yes each request is unique by itself. the only way you can say that it
belongs to this user from a server's perspective is
a. session id
b. principal based on authentication

--

Regards,
HD
"Amit Agarwal" <ammnbgd@rediffcom> wrote in message
news:eS**************@TK2MSFTNGP10.phx.gbl...
where is the place to attach principal object to identity.

global file
and is it necessary to attach each time user roles to principal object..

amit

Nov 18 '05 #2
I assume you are talking about doing this along with authentication. Here
is what I've done, and it works great. This was taken from an example on
MSDN.
http://msdn.microsoft.com/library/de...SecNetHT04.asp

' in global.asax
' At the top of the code-behind file:
Imports System.Security.Principal
Imports System.Web
Imports System.Web.Security

' Inside the Global class:
Sub Application_AuthenticateRequest(ByVal sender As Object, ByVal e As EventArgs)
    ' Fires upon attempting to authenticate the user

    ' Extract the forms authentication cookie
    Dim cookieName As String = FormsAuthentication.FormsCookieName
    Dim authCookie As HttpCookie = Context.Request.Cookies(cookieName)

    If authCookie Is Nothing Then
        ' There is no authentication cookie.
        Return
    End If

    Dim authTicket As FormsAuthenticationTicket

    Try
        authTicket = FormsAuthentication.Decrypt(authCookie.Value)
    Catch ex As Exception
        ' Log exception details (omitted for simplicity)
        Return
    End Try

    If authTicket Is Nothing Then
        ' Cookie failed to decrypt.
        Return
    End If

    ' Roles are hard-coded here, so every authenticated user gets all three.
    Dim roles() As String = {"role1", "role2", "role3"}

    ' Create an Identity object
    Dim id As FormsIdentity = New FormsIdentity(authTicket)

    ' This principal will flow throughout the request.
    Dim principal As GenericPrincipal = New GenericPrincipal(id, roles)
    ' Attach the new principal object to the current HttpContext object
    Context.User = principal
End Sub

' In the page's code-behind:
Private Sub Page_Load(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles MyBase.Load
    ' Put user code to initialize the page here
    Dim p As System.Security.Principal.IPrincipal = HttpContext.Current.User

    ' username (HTML-encoded before it is written to the page)
    Response.Write("Your username " & Server.HtmlEncode(p.Identity.Name))

    If p.IsInRole("role1") Then
        Response.Write("User is in role1")
    Else
        Response.Write("User is not in role1")
    End If
End Sub

"Amit Agarwal" <ammnbgd@rediffcom> wrote in message
news:eS**************@TK2MSFTNGP10.phx.gbl...
where is the place to attach principal object to identity.

global file
and is it necessary to attach each time user roles to principal object..

amit

Nov 18 '05 #3
thx for ur reply...
is user.identity.name
accessible in class modules and ascx controls?

i doubt no!

amit

"Michael" <raterus@localhost> wrote in message
news:ek**************@TK2MSFTNGP09.phx.gbl...
I assume you are talking about doing this along with authentication. Here
is what I've done, and it works great. This was taken from an example on
MSDN.
http://msdn.microsoft.com/library/de...SecNetHT04.asp
Nov 18 '05 #4
yes it is accessible everywhere... even your middle tier components as long
as they get hold of HttpContext Object
if you assigned the userid or the FirstName + " " + LastName to the username
while creating the forms authentication ticket,
then you can read that value anywhere in your code.. be it code behind...
user controls... or even your custom components.
as long as you bind the ticket to the principal in
Application_AuthenticateRequest

--

Regards,
HD
"Amit Agarwal" <ammnbgd@rediffcom> wrote in message
news:%2****************@TK2MSFTNGP12.phx.gbl...
thx for ur reply...
is user.identity.name
accessible in class modules and ascx controls?

i doubt no!

amit

Nov 18 '05 #5
Hello
thx for ur reply
have used this implementation on a live site
how is it showing results!!!

thx amit

"Michael" <raterus@localhost> wrote in message
news:ek**************@TK2MSFTNGP09.phx.gbl...
I assume you are talking about doing this along with authentication. Here
is what I've done, and it works great. This was taken from an example on
MSDN.
http://msdn.microsoft.com/library/de...SecNetHT04.asp
Nov 18 '05 #6
hi,
my prj manager is saying
not to store roles in ticket i.e on clients m/c(cookie)

instead store it in session
then i feel there is no need to store roles in principal
just create a method IsInRole() and pass role like admin
and check for specified role in rolearray which is in session

thats it ,,

what do u feel

please comment on it

amit
"Hermit Dave" <he************@CAPS.AND.DOTS.hotmail.com> wrote in message
news:Oe**************@TK2MSFTNGP09.phx.gbl...
yes it is accessible everywhere... even your middle tier components as long as they get hold of HttpContext Object
if you assigned the userid or the FirstName + " " + LastName to the username while creating the forms authentication ticket,
then you can read that value anywhere in your code.. be it code behind...
user controls... or even your custom components.
as long as you bind the ticket to the principal in
Application_AuthenticateRequest

Nov 18 '05 #7
this concept can work for cookieless mode:?
i guess not
then are we handicapped..?

please reply

amit
"Michael" <raterus@localhost> wrote in message
news:ek**************@TK2MSFTNGP09.phx.gbl...
I assume you are talking about doing this along with authentication. Here
is what I've done, and it works great. This was taken from an example on
MSDN.
http://msdn.microsoft.com/library/de...SecNetHT04.asp
Nov 18 '05 #8
but if you are encrypting the ticket before writing the ticket to the cookie
what's the problem ?

--

Regards,
HD
"Amit Agarwal" <ammnbgd@rediffcom> wrote in message
news:uK******************@TK2MSFTNGP11.phx.gbl...
hi,
my prj manager is saying
not to store roles in ticket i.e on clients m/c(cookie)

instead store it in session
then i feel there is no need to store roles in principal
just create a method IsInRole() and pass role like admin
and check for specified role in rolearray which is in session

thats it ,,

what do u feel

please comment on it

amit

Nov 18 '05 #9
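
The option discussed in posts #7 and #9, carrying the roles inside the encrypted forms authentication ticket and rebuilding the principal from it on every request, as an added example that is not part of the original thread. The names RoleTicket, IssueTicket and AttachPrincipal are hypothetical, and the code assumes .NET Framework 2.0 or later (for HttpCookie.HttpOnly) and a role list that comes from the application's own user store.

```vb
Imports System
Imports System.Security.Principal
Imports System.Web
Imports System.Web.Security

' Added example. RoleTicket, IssueTicket and AttachPrincipal are hypothetical names.
Public Module RoleTicket

    ' Call on the login page after the credentials have been verified.
    ' "roles" is assumed to come from the application's user store (lookup not shown).
    Public Sub IssueTicket(ByVal response As HttpResponse, ByVal userName As String, ByVal roles() As String)
        ' A role name containing the separator would be read back as two roles.
        For Each r As String In roles
            If r.IndexOf("|"c) >= 0 Then
                Throw New ArgumentException("Role name contains '|'.", "roles")
            End If
        Next

        ' The roles travel in the ticket's UserData field.
        Dim ticket As New FormsAuthenticationTicket( _
            1, userName, DateTime.Now, DateTime.Now.AddMinutes(30), _
            False, String.Join("|", roles), FormsAuthentication.FormsCookiePath)

        ' Encrypt applies the protection configured on <forms> in web.config;
        ' the default, All, both encrypts and validates the ticket.
        Dim cookie As New HttpCookie(FormsAuthentication.FormsCookieName, _
                                     FormsAuthentication.Encrypt(ticket))
        cookie.Path = FormsAuthentication.FormsCookiePath
        cookie.HttpOnly = True                          ' not readable from client script
        cookie.Secure = FormsAuthentication.RequireSSL  ' follows requireSSL in web.config
        response.Cookies.Add(cookie)
    End Sub

    ' Call from Application_AuthenticateRequest in global.asax: AttachPrincipal(Context)
    Public Sub AttachPrincipal(ByVal context As HttpContext)
        Dim authCookie As HttpCookie = context.Request.Cookies(FormsAuthentication.FormsCookieName)
        If authCookie Is Nothing Then Return

        Dim ticket As FormsAuthenticationTicket
        Try
            ticket = FormsAuthentication.Decrypt(authCookie.Value)
        Catch ex As Exception
            ' Tampered or malformed cookie: leave the request unauthenticated.
            Return
        End Try

        ' Reject a missing or expired ticket instead of building a principal from it.
        If ticket Is Nothing OrElse ticket.Expired Then Return

        ' Recover the roles written by IssueTicket; an empty UserData means no roles.
        Dim roles() As String = New String() {}
        If ticket.UserData.Length > 0 Then roles = ticket.UserData.Split("|"c)

        context.User = New GenericPrincipal(New FormsIdentity(ticket), roles)
    End Sub
End Module
```

Roles carried this way stay in effect until the ticket expires, so a change to a user's roles only applies once a new ticket is issued.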
here
security is not the issue
issue is if in future we want our site to
change to cookieless mode
then also our site should work seamlessly.

amit

"Hermit Dave" <he************@CAPS.AND.DOTS.hotmail.com> wrote in message
news:eG**************@TK2MSFTNGP09.phx.gbl...
but if you are encrypting the ticket before writing the ticket to the cookie what's the problem ?

Nov 18 '05 #10
oh well, don't know much about cookieless forms authentication.. but if you
do get anywhere (ie get it working)... please do drop in a line...

--
Regards,
HD
Once a Geek.... Always a Geek
".NET Follower" <anonymn@rediffcom> wrote in message
news:uV**************@TK2MSFTNGP10.phx.gbl...
here
security is not the issue
issue is if in future we want our site to
change to cookieless mode
then also our site should work seamlessly.

amit

Nov 18 '05 #11
hi
this is a site which i found
http://www.codeproject.com/aspnet/cookieless.asp

keep in touch
amit
"Hermit Dave" <he************@CAPS.AND.DOTS.hotmail.com> wrote in message
news:ef**************@TK2MSFTNGP11.phx.gbl...
oh well, don't know much about cookieless forms authentication.. but if you do get anywhere (ie get it working)... please do drop in a line...

--
Regards,
HD
Once a Geek.... Always a Geek
".NET Follower" <anonymn@rediffcom> wrote in message
news:uV**************@TK2MSFTNGP10.phx.gbl...
here
security is not the issue
issue is if in future we want our site to
change to cookieless mode
then also our site should work seamlessly.

amit

"Hermit Dave" <he************@CAPS.AND.DOTS.hotmail.com> wrote in message
news:eG**************@TK2MSFTNGP09.phx.gbl...
but if you are encrypting the ticket before writing the ticket to the cookie
what's the problem?

--

Regards,
HD
"Amit Agarwal" <ammnbgd@rediffcom> wrote in message
news:uK******************@TK2MSFTNGP11.phx.gbl...
> hi,
> my prj manager is saying
> not to store roles in ticket i.e. on client's m/c (cookie)
>
> instead store it in session
> then i feel there is no need to store roles in principal
> just create a method IsInRole() and pass role like admin
> and check for specified role in rolearray which is in session
>
> that's it,
>
> what do you feel
>
> please comment on it
>
> amit
>
>
> "Hermit Dave" <he************@CAPS.AND.DOTS.hotmail.com> wrote in message
> news:Oe**************@TK2MSFTNGP09.phx.gbl...
>> yes it is accessible everywhere... even your middle tier components as long
>> as they get hold of HttpContext Object
>> if you assigned the userid or the FirstName + " " + LastName to the username
>> while creating the forms authentication ticket,
>> then you can read that value anywhere in your code.. be it code behind...
>> user controls... or even your custom components.
>> as long as you bind the ticket to the principal in
>> Application_AuthenticateRequest
>>
>> --
>>
>> Regards,
>> HD
>> "Amit Agarwal" <ammnbgd@rediffcom> wrote in message
>> news:%2****************@TK2MSFTNGP12.phx.gbl...
>> > thx for ur reply...
>> > is user.identity.name
>> > accessible in class modules and ascx controls?
>> >
>> > i doubt no!
>> >
>> > amit
>> >
>> > "Michael" <raterus@localhost> wrote in message
>> > news:ek**************@TK2MSFTNGP09.phx.gbl...
>> >> I assume you are talking about doing this along with authentication. Here
>> >> is what I've done, and it works great. This was taken from an example on
>> >> MSDN.
>> >> http://msdn.microsoft.com/library/de...SecNetHT04.asp
>> >>
>> >> 'in global.asax
>> >> Sub Application_AuthenticateRequest(ByVal sender As Object, ByVal e As EventArgs)
>> >> ' Fires upon attempting to authenticate the user
>> >>
>> >> 'Extract the forms authentication cookie
>> >> Dim cookieName As String = FormsAuthentication.FormsCookieName
>> >> Dim authCookie As HttpCookie = Context.Request.Cookies(cookieName)
>> >>
>> >> If authCookie Is Nothing Then
>> >> 'There is no authentication cookie.
>> >> Return
>> >> End If
>> >>
>> >> Dim authTicket As FormsAuthenticationTicket
>> >>
>> >> Try
>> >> authTicket = FormsAuthentication.Decrypt(authCookie.Value)
>> >> Catch ex As Exception
>> >> ' Log exception details (omitted for simplicity)
>> >> Return
>> >> End Try
>> >>
>> >> If authTicket Is Nothing Then
>> >> ' Cookie failed to decrypt.
>> >> Return
>> >> End If
>> >>
>> >> Dim roles() As String = {"role1","role2","role3"}
>> >>
>> >> ' Create an Identity object
>> >> Dim id As FormsIdentity = New FormsIdentity(authTicket)
>> >>
>> >> ' This principal will flow throughout the request.
>> >> Dim principal As GenericPrincipal = New GenericPrincipal(id, roles)
>> >> ' Attach the new principal object to the current HttpContext object
>> >> Context.User = principal
>> >>
>> >>
>> >> End Sub
>> >>
>> >> Private Sub Page_Load(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles MyBase.Load
>> >> 'Put user code to initialize the page here
>> >> Dim p As System.Security.Principal.IPrincipal = HttpContext.Current.User
>> >>
>> >> 'username
>> >> Response.Write ("Your username " & p.Identity.Name)
>> >>
>> >> If p.IsInRole("role1") Then
>> >> Response.Write("User is in role1")
>> >> Else
>> >> Response.Write("User is not in role1")
>> >> End If
>> >> End Sub
>> >>
>> >> "Amit Agarwal" <ammnbgd@rediffcom> wrote in message
>> >> news:eS**************@TK2MSFTNGP10.phx.gbl...
>> >> > where is the place to attach principal object to identity.
>> >> >
>> >> > global file
>> >> > and is it necessary to attach each time user roles to principal
>> >> > object..
>> >> >
>> >> > amit


Nov 18 '05 #12
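
Added example (not part of the thread, and not code from any poster or from MSDN): the handler quoted above hard-codes the roles, and the later replies debate whether roles belong in the encrypted ticket or in session. This sketch shows the ticket variant end to end, writing the roles into the ticket's UserData at login and rebuilding the GenericPrincipal from it on each request. The module and method names, the "|" separator and the 30-minute lifetime are assumptions.

```vbnet
Imports System
Imports System.Security.Principal
Imports System.Web
Imports System.Web.Security

' Hypothetical helper module; all names here are illustrative.
Public Module RoleTicketExample

    ' Login page: call once the credentials have been verified.
    ' roles comes from your own user store (assumption).
    Public Sub IssueTicket(ByVal userName As String, ByVal roles() As String)
        ' Roles travel in UserData, "|"-separated (role names must not contain "|").
        Dim ticket As New FormsAuthenticationTicket( _
            1, userName, DateTime.Now, DateTime.Now.AddMinutes(30), _
            False, String.Join("|", roles))

        ' Encrypt() protects the ticket according to the <machineKey> settings.
        Dim cookie As New HttpCookie(FormsAuthentication.FormsCookieName, _
                                     FormsAuthentication.Encrypt(ticket))
        cookie.Secure = True      ' send over HTTPS only
        cookie.HttpOnly = True    ' .NET 2.0 and later
        HttpContext.Current.Response.Cookies.Add(cookie)
    End Sub

    ' global.asax: call from Application_AuthenticateRequest on every request.
    Public Sub AttachPrincipal(ByVal context As HttpContext)
        Dim authCookie As HttpCookie = _
            context.Request.Cookies(FormsAuthentication.FormsCookieName)
        If authCookie Is Nothing Then Return

        Dim authTicket As FormsAuthenticationTicket = Nothing
        Try
            authTicket = FormsAuthentication.Decrypt(authCookie.Value)
        Catch ex As Exception
            Return   ' malformed or tampered cookie: request stays anonymous
        End Try
        If authTicket Is Nothing OrElse authTicket.Expired Then Return

        ' An empty UserData means "no roles", not one role named "".
        Dim roles() As String = New String() {}
        If authTicket.UserData.Length > 0 Then
            roles = authTicket.UserData.Split("|"c)
        End If
        context.User = New GenericPrincipal(New FormsIdentity(authTicket), roles)
    End Sub

End Module
```

Roles carried in the ticket stay in force until the ticket expires, so removing a role from a user only takes effect when the next ticket is issued. Keeping the role list server-side, as proposed in the thread, avoids that lag at the cost of session state.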
