473,386 Members | 1,886 Online
Bytes | Software Development & Data Engineering Community
Post Job

Home Posts Topics Members FAQ

home > topics > asp.net > questions > restrict users using application_acquirerequeststate?

Join Bytes to post your question to a community of 473,386 software developers and data experts.

Restrict users using Application_AcquireRequestState?

We have an intranet application that is under Integrated security. So in
theory, anyone who has an Active Directory account in the company can access
my app.

So, to allow only certain users, I created a user table of domain accounts
and check these in the Application_AcquireRequestState event by comparing the
Identity.Name to names in my table. If OK, I set a session variable
HasAccess to "1" since sessions are available in this event.

Then, on subsequent page requests, this event checks the
Request.IsAuthenticated and then the Session["HasAccess"] to allow them in
or not.

Is this approach valid or is there a better way? It seems to work OK,
except I have webservices on the site as well which, when requested, also
fires the Application_AcquireRequestState event BUT when I try to access the
Session variables, it returns a null object reference because it seems the
Session is never actually created by a webservice request.
Nov 19 '05 #1
1 3615
Hi Dave:

Session state is disabled by default for asmx, but you can change the
default.

Another idea is to organize authorized users into an Active Directory
group in your domain. Then you add an <authorization> section to
web.config and restrict the app to just members of the group. No extra
code required!

--
Scott
http://www.OdeToCode.com/blogs/scott/

On Wed, 2 Mar 2005 09:59:06 -0800, "Dave"
<Da**@discussions.microsoft.com> wrote:
We have an intranet application that is under Integrated security. So in
theory, anyone who has an Active Directory account in the company can access
my app.

So, to allow only certain users, I created a user table of domain accounts
and check these in the Application_AcquireRequestState event by comparing the
Identity.Name to names in my table. If OK, I set a session variable
HasAccess to "1" since sessions are available in this event.

Then, on subsequent page requests, this event checks the
Request.IsAuthenticated and then the Session["HasAccess"] to allow them in
or not.

Is this approach valid or is there a better way? It seems to work OK,
except I have webservices on the site as well which, when requested, also
fires the Application_AcquireRequestState event BUT when I try to access the
Session variables, it returns a null object reference because it seems the
Session is never actually created by a webservice request.


Nov 19 '05 #2
New Post

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

2
IIS 5 - GetObject fails with "Restrict Anonymous" enabled on Domain Controllers
by: Gerry | last post by:
I have a developer here with a website running with only "Windows Integrated Authentication" set on a Windows 2000 member server that uses GetObject to get a user's group membership in the domain....
ASP / Active Server Pages
3
Restrict Access Problem
by: Paul | last post by:
Hi all, at present I I've built a website which can be updated by admin and users. My problem, I've combined "log in" and "access levels" to restrict access to certain pages, using the built...
ASP / Active Server Pages
2
Restrict Multiple Logins
by: Sudheer | last post by:
Hi All, We need to restrict multiple users login to the system. If one user is online with one userID, we need to show the message "This user already logs in to the system" to the other user who...
ASP.NET
2
restrict query
by: pemo | last post by:
In Harbison and Steele's book, they say that using 'restrict' allows functions like memcpy() to be prototyped like this: void * memcpy(void * restrict s1, const void * restrict s2, size_t n); ...
C / C++
3
Restrict files on Local or Network PCS
by: dion.naidoo | last post by:
Hi ,is there any way one can restrict users to copy files with extensions that we dont want on our networks or local pcs. Users are local administrators of their pcs. PS. If this is not possible...
C# / C Sharp
2
Restrict users from navigating backwards
by: sushilviews | last post by:
Hi, I want restrict users from using the backward navigation buttons or backspace key in IE or may be in any browser. What is the the best way of not allowing the user to restrict backward...
.NET Framework
5
How do I restrict the data users can enter in an inputbox?
by: Dakrat | last post by:
Allow me to preface this post by saying that this is my first database project, and while I have learned a lot, any concepts I have learned are hit and miss as I have found new requirements and...
Microsoft Access / VBA
5
Is it possible to restrict specific files & folders on C: Drive from other users
by: need2know | last post by:
Hello In my quest for knowlwdge i would like to know if it possible to hide or restrict certain folders on the C drive from other users who log and use the same computer as the administrator...
Microsoft Windows
2
Regarding restrict qualifier
by: venkat | last post by:
Hi, i came across restrict qualifier while looking the code. I haven't able to understand what does this do?. Can some one help me how does this makes the things restrict to an specified...
C / C++
0
Easy Steps to Fix "Canon Printer Won't Connect to WiFi Network"
by: taylorcarr | last post by:
A Canon printer is a smart device known for being advanced, efficient, and reliable. It is designed for home, office, and hybrid workspace use and can also be used for a variety of purposes. However,...
General
0
Batch import of multiple excel files into the database
by: ryjfgjl | last post by:
If we have dozens or hundreds of excel to import into the database, if we use the excel import function provided by database editors such as navicat, it will be extremely tedious and time-consuming...
Data Management
0
Merging data from multiple Excel files
by: ryjfgjl | last post by:
In our work, we often receive Excel tables with data in the same format. If we want to analyze these data, it can be difficult to analyze them because the data is spread across multiple Excel files...
Data Management
0
Migrating Website to Cloud - Emmanuel Katto
by: emmanuelkatto | last post by:
Hi All, I am Emmanuel katto from Uganda. I want to ask what challenges you've faced while migrating a website to cloud. Please let me know. Thanks! Emmanuel
General
1
Is that possible of reading the .csv file in column wise and the column have different lengths ?
by: Sonnysonu | last post by:
This is the data of csv file 1 2 3 1 2 3 1 2 3 1 2 3 2 3 2 3 3 the lengths should be different i have to store the data by column-wise with in the specific length. suppose the i have to...
C / C++
0
How to build RAID in BIOS?
by: Hystou | last post by:
There are some requirements for setting up RAID: 1. The motherboard and BIOS support RAID configuration. 2. The motherboard has 2 or more available SATA protocol SSD/HDD slots (including MSATA, M.2...
Computer Hardware
0
marktang
What is ONU?
by: marktang | last post by:
ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However,...
General
0
Changing the language in Windows 10
by: Hystou | last post by:
Most computers default to English, but sometimes we require a different language, especially when relocating. Forgot to request a specific language before your computer shipped? No problem! You can...
Windows Server
0
jinu1996
Maximizing Business Potential: The Nexus of Website Design and Digital Marketing
by: jinu1996 | last post by:
In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven...
Online Marketing

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.

BYTES.COM © 2024
About Bytes
Terms Of Use
Privacy Policy
Sitemap
Advertise on Bytes:
Post a Job
Sponsored Posts
Platinum & Gold Sponsors
Hire Now!