Protect Non-ASP Files
From: Matt Rutherford (matt.l.rutherford@census.gov)
Date: 03/27/03
From: "Matt Rutherford" <matt.l.rutherford@census.gov> Date: Thu, 27 Mar 2003 15:21:34 -0500
I am trying to restrict access to certain non-ASP files, based on
information stored in a SQL Server database. I have tried setting up
roles/forms authentication to try to restrict access to these (PDF) files.
What I am trying to do with this is load each file the user is able to see
into a "role", then check to see which file link they have clicked on,
compare it to the roles they are allowed to see, and allow it to be viewed
if the role exists. I'm sure there are better ways to do what I am trying
to do (please let me know if there are!!!), but my problem with this method
is that when the code gets to the line comparing the GetRedirectUrl with the
IsInRole directive, the GetRedirectUrl points to the last shown ASPX file,
not the PDF they clicked on... HELP??
Here are my web.config entries:

    <authentication mode="Forms">
      <forms name=".PROCAUTH"
             loginUrl="http://localhost/proceduresdev/login.aspx"
             timeout="30"></forms>
    </authentication>

Here are my Application_AuthenticateRequest entries:

    ' Needs Imports for System.Data, System.Data.SqlClient, System.Configuration,
    ' System.Security.Principal and System.Web.Security
    If Request.IsAuthenticated = True Then
        Dim authName As String = User.Identity.Name
        Dim cn As SqlConnection = New SqlConnection(ConfigurationSettings.AppSettings("cnString"))
        Dim cm As SqlCommand = New SqlCommand("spSELAllowedProc", cn)
        Dim dr As SqlDataReader
        Dim i As Integer = 1
        FormsAuthentication.Initialize()
        ' Read the files this user is allowed to see
        cn.Open()
        cm.CommandType = CommandType.StoredProcedure
        cm.Parameters.Add("@prmUserName", authName)
        dr = cm.ExecuteReader
        ' Each allowed file URL becomes one "role"
        Dim arrRoles() As String
        Do While dr.Read
            ReDim Preserve arrRoles(i + 1)
            arrRoles(i) = "http://localhost/proceduresdev/" & dr("FileLocation")
            i += 1
        Loop
        cn.Close()
        Dim objIdentity As GenericIdentity = New GenericIdentity(authName)
        Context.User = New GenericPrincipal(objIdentity, arrRoles)
        ' The comparison described above: redirect URL checked against the roles
        If Not User.IsInRole(FormsAuthentication.GetRedirectUrl(User.Identity.Name, False)) Then
            Response.Redirect("unauth.aspx")
        End If
    End If
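
One way to authorize the file actually being requested instead of the redirect URL, as an added example that is not part of the original post: each PDF request is checked in Application_AuthorizeRequest against Request.FilePath. It assumes IIS is configured to pass .pdf requests to ASP.NET and that the role names are the lower-case, app-relative FileLocation values (no host prefix); the class name ProceduresApp and the helper ToRoleName are hypothetical.

```vb
Imports System
Imports System.Globalization
Imports System.Web

' Added example (not from the original post). Hypothetical Global.asax
' code-behind class; assumes Application_AuthenticateRequest has already
' set Context.User with one role per allowed file, named by its
' app-relative path in lower case, e.g. "docs/manual.pdf".
Public Class ProceduresApp
    Inherits HttpApplication

    ' Hypothetical helper: "/proceduresdev/Docs/Manual.pdf" with application
    ' path "/proceduresdev" becomes "docs/manual.pdf".
    Public Shared Function ToRoleName(ByVal filePath As String, _
                                      ByVal appPath As String) As String
        Dim inv As CultureInfo = CultureInfo.InvariantCulture
        Dim rel As String = filePath.ToLower(inv)
        Dim root As String = appPath.ToLower(inv)
        If rel.StartsWith(root) Then rel = rel.Substring(root.Length)
        Return rel.TrimStart("/"c)
    End Function

    Sub Application_AuthorizeRequest(ByVal sender As Object, ByVal e As EventArgs)
        ' FilePath is the file being requested now, without trailing path info.
        Dim requested As String = Request.FilePath
        If Not requested.ToLower(CultureInfo.InvariantCulture).EndsWith(".pdf") Then Return

        If Not Request.IsAuthenticated Then
            ' 401 lets forms authentication send the browser to loginUrl.
            Response.StatusCode = 401
            CompleteRequest()
            Return
        End If

        ' Deny unless the requested file is one of the user's roles.
        If Not User.IsInRole(ToRoleName(requested, Request.ApplicationPath)) Then
            Response.StatusCode = 403
            CompleteRequest()
        End If
    End Sub
End Class
```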