I'm trying to setup an application with forms authentication against an .mdb. I would like to create subdirectories inside the main applications directories and restrict access to these directories based on role. My application resides in directory named "secure" and has subdirectory "TBC" which requires the role of "tbc" to access it.
The form authentication works for the secure directory and for the subdirectories as long as I restrict access by username. However, if I restrict by role then it acts as if the user does not have the proper role assigned. I believe my problem is in the global.aspx file - for some reason the role is not assigned to the pricipal.
Can anyone help? A quick thing that would be helpful is if I could verify what roles I have assigned a user after executing the procedure in the global.aspx file. Is there a way to dump the contents of the generic.principal into a label.text or something so that I can begin to troubleshoot?
global.aspx
<script runat="server">
Sub Application_AuthenticateRequest(sender As Object, e As EventArgs)
If Request.IsAuthenticated Then
'Determine this user's roles
Dim connectionString As String = "Provider=Microsoft.Jet.OLEDB.4.0; Ole DB Services=-4; Data Source=d:\security.mdb"& _
""
Dim dbConnection As System.Data.IDbConnection = New System.Data.OleDb.OleDbConnection(connectionString)
Dim queryString As String = "SELECT [Security].[role] FROM [Security] WHERE ([Security"& _
"].[uname] = @uname)"
Dim dbCommand As System.Data.IDbCommand = New System.Data.OleDb.OleDbCommand
dbCommand.CommandText = queryString
dbCommand.Connection = dbConnection
Dim dbParam_uname As System.Data.IDataParameter = New System.Data.OleDb.OleDbParameter
dbParam_uname.ParameterName = "@uname"
dbParam_uname.Value = user.identity.name
dbParam_uname.DbType = System.Data.DbType.String
dbCommand.Parameters.Add(dbParam_uname)
Dim dataAdapter As System.Data.IDbDataAdapter = New System.Data.OleDb.OleDbDataAdapter
dataAdapter.SelectCommand = dbCommand
Dim dataSet As System.Data.DataSet = New System.Data.DataSet
dataAdapter.Fill(dataSet)
dim user_role as string = dataset.tables(0).rows(0).item(0)
dim role_list as new arraylist
dim role_list_array as string() = role_list.toarray(gettype(string))
role_list.add(user_role)
'Add the roles to the User Principal
HttpContext.Current.User = New GenericPrincipal(User.Identity, role_list_array)
End If
' Sub Application_Start(Sender As Object, E As EventArgs)
' Code that runs on application startup
' End Sub
' Sub Application_End(Sender As Object, E As EventArgs)
' Code that runs on application shutdown
' End Sub
' Sub Application_Error(Sender As Object, E As EventArgs)
' Code that runs when an unhandled error occurs
' End Sub
'Sub Session_Start(Sender As Object, E As EventArgs)
' Code that runs when a new session is started
'End Sub
'Sub Session_End(Sender As Object, E As EventArgs)
' Code that runs when a session ends
'End Sub
End Sub
</script>
webconfig (secure directory)
<?xml version="1.0" encoding="UTF-8" ?>
<configuration>
<system.web>
<compilation debug="true"/>
<authentication mode="Forms">
<forms name=".ASPXAUTH" loginUrl="login.aspx" />
</authentication>
<authorization>
<deny users="?" />
</authorization>
</system.web>
</configuration>
web.config (tbc directory)
<?xml version="1.0" encoding="UTF-8" ?>
<configuration>
<system.web>
<compilation debug="true"/>
<authorization>
<allow roles="tbc" />
<deny users="*" />
</authorization>
</system.web>
</configuration>
The form authentication works for the secure directory and for the subdirectories as long as I restrict access by username. However, if I restrict by role then it acts as if the user does not have the proper role assigned. I believe my problem is in the global.aspx file - for some reason the role is not assigned to the pricipal.
Can anyone help? A quick thing that would be helpful is if I could verify what roles I have assigned a user after executing the procedure in the global.aspx file. Is there a way to dump the contents of the generic.principal into a label.text or something so that I can begin to troubleshoot?
global.aspx
<script runat="server">
Sub Application_AuthenticateRequest(sender As Object, e As EventArgs)
If Request.IsAuthenticated Then
'Determine this user's roles
Dim connectionString As String = "Provider=Microsoft.Jet.OLEDB.4.0; Ole DB Services=-4; Data Source=d:\security.mdb"& _
""
Dim dbConnection As System.Data.IDbConnection = New System.Data.OleDb.OleDbConnection(connectionString)
Dim queryString As String = "SELECT [Security].[role] FROM [Security] WHERE ([Security"& _
"].[uname] = @uname)"
Dim dbCommand As System.Data.IDbCommand = New System.Data.OleDb.OleDbCommand
dbCommand.CommandText = queryString
dbCommand.Connection = dbConnection
Dim dbParam_uname As System.Data.IDataParameter = New System.Data.OleDb.OleDbParameter
dbParam_uname.ParameterName = "@uname"
dbParam_uname.Value = user.identity.name
dbParam_uname.DbType = System.Data.DbType.String
dbCommand.Parameters.Add(dbParam_uname)
Dim dataAdapter As System.Data.IDbDataAdapter = New System.Data.OleDb.OleDbDataAdapter
dataAdapter.SelectCommand = dbCommand
Dim dataSet As System.Data.DataSet = New System.Data.DataSet
dataAdapter.Fill(dataSet)
dim user_role as string = dataset.tables(0).rows(0).item(0)
dim role_list as new arraylist
dim role_list_array as string() = role_list.toarray(gettype(string))
role_list.add(user_role)
'Add the roles to the User Principal
HttpContext.Current.User = New GenericPrincipal(User.Identity, role_list_array)
End If
' Sub Application_Start(Sender As Object, E As EventArgs)
' Code that runs on application startup
' End Sub
' Sub Application_End(Sender As Object, E As EventArgs)
' Code that runs on application shutdown
' End Sub
' Sub Application_Error(Sender As Object, E As EventArgs)
' Code that runs when an unhandled error occurs
' End Sub
'Sub Session_Start(Sender As Object, E As EventArgs)
' Code that runs when a new session is started
'End Sub
'Sub Session_End(Sender As Object, E As EventArgs)
' Code that runs when a session ends
'End Sub
End Sub
</script>
webconfig (secure directory)
<?xml version="1.0" encoding="UTF-8" ?>
<configuration>
<system.web>
<compilation debug="true"/>
<authentication mode="Forms">
<forms name=".ASPXAUTH" loginUrl="login.aspx" />
</authentication>
<authorization>
<deny users="?" />
</authorization>
</system.web>
</configuration>
web.config (tbc directory)
<?xml version="1.0" encoding="UTF-8" ?>
<configuration>
<system.web>
<compilation debug="true"/>
<authorization>
<allow roles="tbc" />
<deny users="*" />
</authorization>
</system.web>
</configuration>
![[yawn]](/data/assets/smilies/yawn.gif "[yawn] [yawn]")
![[morning]](/data/assets/smilies/morning.gif "[morning] [morning]")