forms authentication problem
From: Terry (NTuser_Man@msn.com)
Date: 02/10/03
- Next message: M. Shawn Dillon: "BUG in .NET Framework 1.1 (v1.0.4322) System.Security.Cryptography"
- Previous message: Versteijn: "Changing permissions on ntfs files/folders"
- Next in thread: Terry: "Re: forms authentication problem"
- Reply: Terry: "Re: forms authentication problem"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: NTuser_Man@msn.com (Terry) Date: 10 Feb 2003 12:49:50 -0800
Howdy,
I have a forms authentication problem. I am following examples of
including the user roles in the UserData section of the forms
authentication ticket. It appears that the user roles are being added
to the ticket but somehow they are not all being assigned to the user.
Only one role is assigned to a user.
My global.asax should assign to the current user all roles listed in
the user's authentication ticket.
Here is the script from my global.asax:
Sub Application_AuthenticateRequest(ByVal sender As Object, ByVal e As
EventArgs)
If (Not (HttpContext.Current.User Is Nothing)) Then
If HttpContext.Current.User.Identity.AuthenticationType = "Forms"
Then
Dim id As FormsIdentity
Dim tkt As FormsAuthenticationTicket
id = HttpContext.Current.User.Identity
tkt = id.Ticket
Dim Role() As String
Dim authcookie As HttpCookie
authcookie = Request.Cookies(FormsAuthentication.FormsCookieName)
tkt = CType(FormsAuthentication.Decrypt(authcookie.Value),
FormsAuthenticationTicket)
Role = Split(tkt.UserData, ",")
Dim principal = new GenericPrincipal(id, Role)
Context.User = principal
End If
End If
End Sub
Presumably all the roles are added to the ticket in the last three
lines of that script.
I can confirm that the roles are added to the ticket. On my
default.aspx document I verify that the roles have been added to the
user authorization ticket with the following script:
Dim id As FormsIdentity
Dim tkt As FormsAuthenticationTicket
id = HttpContext.Current.User.Identity
tkt = id.Ticket
Dim Role() As String
Dim authcookie As HttpCookie
authcookie = Request.Cookies(FormsAuthentication.FormsCookieName)
tkt = CType(FormsAuthentication.Decrypt(authcookie.Value),
FormsAuthenticationTicket)
Role = Split(tkt.UserData, ",")
Dim strItem As String
For each strItem in Role
Response.write("<BR>" & strItem)
Next
For my login the script returns:
Admin
Developer
This shows that all my roles have been added to the user authorization
ticket. Yes? No?
However, if I try a script to determine my roles:
If Context.User.IsInRole("Developer") then
response.write("You are a Developer!" )
Else
response.write("You are not a Developer!")
End If
If Context.User.IsInRole("Admin") then
response.write("You are an Admin!" )
Else
response.write("You are not an Admin!")
End If
If Context.User.IsInRole("Student") then
response.write("You are a Student!" )
Else
response.write("You are not a Student!")
End If
The return is:
You are not a Developer!
You are an Admin!
You are not a Student!
I do not understand the inconsistent results. There must be an error
that I have failed to locate. Please help me correct the error of my
ways.
Thanks,
--Terry
- Next message: M. Shawn Dillon: "BUG in .NET Framework 1.1 (v1.0.4322) System.Security.Cryptography"
- Previous message: Versteijn: "Changing permissions on ntfs files/folders"
- Next in thread: Terry: "Re: forms authentication problem"
- Reply: Terry: "Re: forms authentication problem"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
