I don't think you can disable the "Token" on the fly. To dynamically
control access, store those who are allowed in a table and those who are not
allowed in another table - or separate views of the same table - or an
array or arraylist and use something like this:
foreach(string user in BannedUsers)
{
if (user == User.Identity.Name)
{
throw new Exception ("You are not authorized");
}
}
You could do a PrincipalPermission.Demand() on the user against a list of
users, but I don't think it buys you much in this case. The concept there
is you create a PermissionPrincipal:
bool allowed = false;
foreach(string user in AllowedUsers)
{
try
{
PrincipalPermission pp = new PrincipalPermission(null, user);
pp.Demand();
allowed = true;
}
catch(Exception ex)
{
}
}
if (!allowed)
throw new Exception ("You're not allowed here!");
Hope this helps
Dale
If the
"Stuart Shay" <ss***@j51.com> wrote in message
news:#J*************@TK2MSFTNGP10.phx.gbl...
Hello All:
I am using Windows Authentication in my VB/ASP.NET Intranet Web
Application.
How do I create a method that will release the authentication Token, so
the user will no longer have access to any of the resources on the site?
Thanks
Stuart