[AspNetAnyQuestionIsOk] Role-based authorization with Forms Authentication

Thu, 19 Aug 2004 07:40:47 -0700 

 

Hello Everyone,
I am trying to implement role-based authorization with Forms Authentication
and running into a problem.

I have created a login page where the user enters the username and password.
After the user is authentication, I run a procedure in the global.asax file
in the AuthenticateRequest event handler. In this procedure, I am trying to
grab the roles from a table. But the query does not return any values! I
know the user is authenticated cause the menu that displays the roles is
empty. So the user does get to the .aspx forms.

On debugging I have noticed that the Context.User.Identity.Name is empty. I
am using the username that the user enters in the login form. My code is as
follows: 

<%@ Import Namespace="System.Data" %>
<%@ Import Namespace="System.IO" %>
<%@ Import Namespace="System.Data.OleDB" %> 
<%@ Import Namespace="System.Security.Principal " %>

<script language="VB" runat="server">

Sub Application_AuthenticateRequest(sender as object, e as EventArgs)
        Dim strConnect as string =
ConfigurationSettings.AppSettings("HealthyVision")
        Dim Conn as OLEDBConnection 
    Dim Rdr as OLEDBDataReader 
        Dim CmdSelect as OLEDBCommand 
    Dim strSQL as string  
        Dim rolelist as New Arraylist
            
        If request.isAuthenticated Then
                'determine the user's role
                Conn=New OLEDBConnection(strConnect) 
        Conn.Open()
                
                'Query to get Applications info from database
            strSQL="SELECT tbl_group.group_name FROM (tbl_User INNER JOIN
tbl_roles ON tbl_User.Userid = tbl_roles.User_id) INNER JOIN tbl_group ON
tbl_roles.Group_id = tbl_group.group_id WHERE
(((tbl_User.Username)[EMAIL PROTECTED]))"
        
                
                CmdSelect=New OLEDBCommand(strSQL,Conn) 
                CmdSelect.Parameters.add("@username",
Context.User.Identity.Name)
            Rdr=CmdSelect.ExecuteReader() 
                While rdr.read()
                        rolelist.Add(rdr("group_name"))
                End While
                Rdr.close() 
                
                'convert the rolelist Arraylist to a string array
                Dim rolelistArray as string() =
rolelist.toArray(gettype(string))
                
                'Add roles to the user principal
                HttpContext.Current.User = New
GenericPrincipal(User.Identity, roleListArray)

        End if
End Sub
</script>



------------------------ Yahoo! Groups Sponsor --------------------~--> 
$9.95 domain names from Yahoo!. Register anything.
http://us.click.yahoo.com/J8kdrA/y20IAA/yQLSAA/saFolB/TM
--------------------------------------------------------------------~-> 

 
Yahoo! Groups Links

<*> To visit your group on the web, go to:
    http://groups.yahoo.com/group/AspNetAnyQuestionIsOk/

<*> To unsubscribe from this group, send an email to:
    [EMAIL PROTECTED]

<*> Your use of Yahoo! Groups is subject to:
    http://docs.yahoo.com/info/terms/

Reply via email to