473,382 Members | 1,809 Online
Bytes | Software Development & Data Engineering Community
Post Job

Home Posts Topics Members FAQ

home > topics > asp.net > questions > nt based roles using forms authentication

Join Bytes to post your question to a community of 473,382 software developers and data experts.

NT based roles using forms authentication

Please can you help with a problem I am having.

My web config is set to...
<authorization><deny users="?"/>
<authentication mode="Forms">
<forms name=".COOKIE" loginUrl="login.aspx" protection="All"
timeout="5" path="/"/>
</authentication>
<identity impersonate="true"/>

login.aspx uses advapi32.dll to create the token and authenticate the
user
using the code..
if(LogonUser(TextBoxUsername.Text,
"HILLSRD",
TextBoxPassword.Text,
LOGON32_LOGON_INTERACTIVE,
LOGON32_PROVIDER_DEFAULT,
ref token) != 0)
{

FormsAuthentication.RedirectFromLoginPage(TextBoxU sername.Text,
CBoxRememberMe.Checked);

}

but when I want to enable NT group security but when I go to access
User.IsInRole it always returns false? I digged a little deeper by
live debugging and found that m_roles array is always empty. What am I
doing wrong - why aren't the roles avaialble that are on the domain?
many thanks for any help on this.

Sharat Koya
Nov 18 '05 #1
3 1908
Hi Sharat:

I'm not sure what the requirements are for your application, but I'm
thinking you could save yourself a good deal of code if you let
Windows manage the authentication and impersonation with a web.config
along the lines of:

<system.web>
<authentication mode="Windows"/>
<identity impersonate="true"/>
<authorization>
<deny users="?"/>
<allow users="*"/>
</authorization>
</system.web>

This will avoid you having to use LogonUser in your code. If you do go
this way - you need to use the token given out by LogonUser to do the
impersonation, and pass the token to CloseHandle for proper cleanup
afterwards.

--
Scott
http://www.OdeToCode.com
On 13 Aug 2004 08:12:33 -0700, sh*********@addenbrookes.nhs.uk (Sharat
Koya) wrote:
Please can you help with a problem I am having.

My web config is set to...
<authorization><deny users="?"/>
<authentication mode="Forms">
<forms name=".COOKIE" loginUrl="login.aspx" protection="All"
timeout="5" path="/"/>
</authentication>
<identity impersonate="true"/>

login.aspx uses advapi32.dll to create the token and authenticate the
user
using the code..
if(LogonUser(TextBoxUsername.Text,
"HILLSRD",
TextBoxPassword.Text,
LOGON32_LOGON_INTERACTIVE,
LOGON32_PROVIDER_DEFAULT,
ref token) != 0)
{

FormsAuthentication.RedirectFromLoginPage(TextBoxU sername.Text,
CBoxRememberMe.Checked);

}

but when I want to enable NT group security but when I go to access
User.IsInRole it always returns false? I digged a little deeper by
live debugging and found that m_roles array is always empty. What am I
doing wrong - why aren't the roles avaialble that are on the domain?
many thanks for any help on this.

Sharat Koya


Nov 18 '05 #2
<identity impersonate="true"/> means to impersonate the iis authenticated
user, in your case because you are using forms authentication, the iis user
is the anonymous login.

because you are using forms authentication, its your job to fill in the
roles. you will need to do this on every request.

-- bruce (sqlwork.com)
"Sharat Koya" <sh*********@addenbrookes.nhs.uk> wrote in message
news:8e**************************@posting.google.c om...
Please can you help with a problem I am having.

My web config is set to...
<authorization><deny users="?"/>
<authentication mode="Forms">
<forms name=".COOKIE" loginUrl="login.aspx" protection="All"
timeout="5" path="/"/>
</authentication>
<identity impersonate="true"/>

login.aspx uses advapi32.dll to create the token and authenticate the
user
using the code..
if(LogonUser(TextBoxUsername.Text,
"HILLSRD",
TextBoxPassword.Text,
LOGON32_LOGON_INTERACTIVE,
LOGON32_PROVIDER_DEFAULT,
ref token) != 0)
{

FormsAuthentication.RedirectFromLoginPage(TextBoxU sername.Text,
CBoxRememberMe.Checked);

}

but when I want to enable NT group security but when I go to access
User.IsInRole it always returns false? I digged a little deeper by
live debugging and found that m_roles array is always empty. What am I
doing wrong - why aren't the roles avaialble that are on the domain?
many thanks for any help on this.

Sharat Koya

Nov 18 '05 #3
You could create locked down local accounts on the web server and
still use Windows authentication. If the server doesn't recognize
thier current credentials the browser will prompt for then to enter a
username, password and domain (machine name) to log in with.

--
Scott
http://www.OdeToCode.com

On Fri, 13 Aug 2004 11:37:03 -0700, "Sharat Koya" <Sharat
Ko**@discussions.microsoft.com> wrote:
The reason I am using this method is that it allows users to be logged in on
a secure locked down account whilst allowing them the option to log in as
them selves and change between users without logging off the account. Is
there a way of perserving this idea without implementing database stored
roles?

thanks

"Scott Allen" wrote:
Hi Sharat:

I'm not sure what the requirements are for your application, but I'm
thinking you could save yourself a good deal of code if you let
Windows manage the authentication and impersonation with a web.config
along the lines of:

<system.web>
<authentication mode="Windows"/>
<identity impersonate="true"/>
<authorization>
<deny users="?"/>
<allow users="*"/>
</authorization>
</system.web>

This will avoid you having to use LogonUser in your code. If you do go
this way - you need to use the token given out by LogonUser to do the
impersonation, and pass the token to CloseHandle for proper cleanup
afterwards.

--
Scott
http://www.OdeToCode.com
On 13 Aug 2004 08:12:33 -0700, sh*********@addenbrookes.nhs.uk (Sharat
Koya) wrote:
>Please can you help with a problem I am having.
>
>My web config is set to...
><authorization><deny users="?"/>
><authentication mode="Forms">
><forms name=".COOKIE" loginUrl="login.aspx" protection="All"
>timeout="5" path="/"/>
></authentication>
><identity impersonate="true"/>
>
>login.aspx uses advapi32.dll to create the token and authenticate the
>user
>using the code..
>if(LogonUser(TextBoxUsername.Text,
> "HILLSRD",
> TextBoxPassword.Text,
> LOGON32_LOGON_INTERACTIVE,
> LOGON32_PROVIDER_DEFAULT,
> ref token) != 0)
> {
>
> FormsAuthentication.RedirectFromLoginPage(TextBoxU sername.Text,
>CBoxRememberMe.Checked);
>
> }
>
>but when I want to enable NT group security but when I go to access
>User.IsInRole it always returns false? I digged a little deeper by
>live debugging and found that m_roles array is always empty. What am I
>doing wrong - why aren't the roles avaialble that are on the domain?
>
>
>many thanks for any help on this.
>
>Sharat Koya



Nov 18 '05 #4
New Post

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

4
Authentication problem for roles based
by: Chris Gatto | last post by:
Hi, I'm having what should be a minor problem but has turned into a 2 day slug fest with ASP.Net. I am simply attempting to authenticate my asp.net application users against users in an AD...
ASP.NET
3
Role Based Security Question
by: Mike Logan | last post by:
Questions about Role Based Security in ASP.Net: I have a few questions about role based security in an ASP.Net application. Below are some points about our system: - We have a hierarchical...
ASP.NET
7
role based security and
by: david | last post by:
I have the following questions to ask. For example, there are two roles, A and B to grant to users UA and UB respectively. UB in not in role A and UA is not in role B. A can access to Apage and...
ASP.NET
5
Strange Role-Based authentication problem!
by: Archer | last post by:
I was making a role-based authentication but it does't login with correct password. the HttpContext.Current.User recieved in Global.asax is always null. Request.IsAuthenticated is always false....
ASP.NET
3
ASP.NET: How to conditionally display content based on login/authentication?
by: | last post by:
One thing I did a lot of in Classic ASP involved showing page elements conditionally based on whether a user was logged in or not. Logged in users or "superusers" would get more content and/or more...
ASP.NET
2
How Do I Implement Roles For Forms-Based Authentication?
by: Joey | last post by:
I have a web app with many users and their associated values (hashed passwords, first name, last name, etc...) stored in a Microsoft SQL Server 2000 database. My app uses stored procedures and...
ASP.NET
4
authorization based on url parameters
by: xke | last post by:
Using web.config authorization settings, is it possible to allow my users to access default.aspx but not default.aspx?action=edit ?? <location path="default.aspx"> <system.web> <authorization>...
ASP.NET
1
Allow users works but not allow roles
by: PaulG | last post by:
Hi I'm trying to implement roles onto a .NET2 enviroment running IIS using Form Authentication. Using default aspnet login screen working back to a SQL server. The Web. config for directory is...
.NET Framework
2
Help me with Login and user roles please.
by: mark4asp | last post by:
This is a simplified version of my site. There are Premium users who have access to the Premium directory. Anyone else attempting to access it should be logged and then redirected to the...
ASP.NET
1
Cloud Servers without Credit Card and Email Registration: A Simpler Way to Get on the Cloud
by: CloudSolutions | last post by:
Introduction: For many beginners and individual users, requiring a credit card and email registration may pose a barrier when starting to use cloud servers. However, some cloud server providers now...
General
0
isladogs
Access Europe: Command bars, the Access Shortcut Tool and a simple Audit Log - Wed 3 April
by: isladogs | last post by:
The next Access Europe User Group meeting will be on Wednesday 3 Apr 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM). In this session, we are pleased to welcome former...
General
0
One-click Importing Excel Data into a*Database
by: ryjfgjl | last post by:
In our work, we often need to import Excel data into databases (such as MySQL, SQL Server, Oracle) for data analysis and processing. Usually, we use database tools like Navicat or the Excel import...
Microsoft Excel
0
Easy Steps to Fix "Canon Printer Won't Connect to WiFi Network"
by: taylorcarr | last post by:
A Canon printer is a smart device known for being advanced, efficient, and reliable. It is designed for home, office, and hybrid workspace use and can also be used for a variety of purposes. However,...
General
0
How to turn on java script in a villaon keypad mobile phone
by: Charles Arthur | last post by:
How do i turn on java script on a villaon, callus and itel keypad mobile phone
Java
0
Batch import of multiple excel files into the database
by: ryjfgjl | last post by:
If we have dozens or hundreds of excel to import into the database, if we use the excel import function provided by database editors such as navicat, it will be extremely tedious and time-consuming...
Data Management
0
Migrating Website to Cloud - Emmanuel Katto
by: emmanuelkatto | last post by:
Hi All, I am Emmanuel katto from Uganda. I want to ask what challenges you've faced while migrating a website to cloud. Please let me know. Thanks! Emmanuel
General
1
Looking to do Android software development, any suggestions? Is flutter better?
by: nemocccc | last post by:
hello, everyone, I want to develop a software for my android phone for daily needs, any suggestions?
General
0
How to build RAID in BIOS?
by: Hystou | last post by:
There are some requirements for setting up RAID: 1. The motherboard and BIOS support RAID configuration. 2. The motherboard has 2 or more available SATA protocol SSD/HDD slots (including MSATA, M.2...
Computer Hardware

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.

BYTES.COM © 2024
About Bytes
Terms Of Use
Privacy Policy
Sitemap
Advertise on Bytes:
Post a Job
Sponsored Posts
Platinum & Gold Sponsors
Hire Now!