RE: Role Based Security
From: Steven Cheng[MSFT] (v-schang_at_online.microsoft.com)
Date: 03/24/04
- Next message: Ravichandran J.V.: "Re: Default page + logon page"
- Previous message: [MSFT]: "RE: I want asp.net to act as a different user than the one that is currently logged on IS THIS POSSIBLE!!!"
- In reply to: A.M: "Role Based Security"
- Next in thread: A.M: "Re: Role Based Security"
- Reply: A.M: "Re: Role Based Security"
- Reply: A.M: "Re: Role Based Security"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Wed, 24 Mar 2004 03:16:19 GMT
Hi Ali,
From your description, you're going to implement Role-Based Security with
Forms-Based Authentication in your ASP.NET application via the guide in KB
311495. However, since this needs the ASP.NET app to retrieve the request's
user's principal and set the proper roles every time, you are wondering
whether it's necessary to retrieve the roles from the database every time,
whether it will cause a performance issue, and whether there is any other
means to avoid this, yes?
As for this problem, I think we can make use of the
FormsAuthenticationTicket class's "UserData" property which is a string
member. Then we can concat all the roles into a single string and store it
as the UserData in the Authentication Ticket into client authentication
cookie. For example:
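    // Requires: using System.Web.Security;

    // Join the user's roles into one delimited string for the ticket.
    string[] roles = {"user", "manager", "admin"};
    string userData = string.Join("#", roles);

    // email and isPersistent are expected to be set earlier by the login code.
    FormsAuthenticationTicket ticket = new FormsAuthenticationTicket(
        1,                                   // ticket version
        email,                               // user name
        System.DateTime.Now,                 // issue time
        System.DateTime.Now.AddMinutes(30),  // expiration
        isPersistent,
        userData,                            // roles carried in UserData
        FormsAuthentication.FormsCookiePath);

    // Encrypt the ticket.
    string encTicket = FormsAuthentication.Encrypt(ticket);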
For more detailed info on the FormsAuthenticationTicket class, you may view
the following reference in MSDN:
#FormsAuthenticationTicket Class
http://msdn.microsoft.com/library/en-us/cpref/html/frlrfSystemWebSecurityFormsAuthenticationTicketClassTopic.asp?frame=true
In addition, here are another two tech articles discussing how to implement
role-based forms authentication in ASP.NET:
http://www.eggheadcafe.com/articles/20020906.asp
http://www.4guysfromrolla.com/webtech/121901-1.2.shtml
Hope they also help.
Regards,
Steven Cheng
Microsoft Online Support
Get Secure! www.microsoft.com/security
(This posting is provided "AS IS", with no warranties, and confers no
rights.)
Get Preview at ASP.NET whidbey
http://msdn.microsoft.com/asp.net/whidbey/default.aspx
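Added example, not part of the original posting or of KB 311495: the receiving side of the approach described in the message, which reads the roles back out of the ticket's UserData on each request instead of querying the database. The class name Global, the ParseRoles helper and the "#" separator are assumptions chosen to match the snippet in the message.

```csharp
using System;
using System.Security.Principal;
using System.Web;
using System.Web.Security;

// Hypothetical Global.asax code-behind (assumed name, not from the posting).
public class Global : HttpApplication
{
    // Must match the separator used when the ticket was issued.
    private const char RoleSeparator = '#';

    protected void Application_AuthenticateRequest(object sender, EventArgs e)
    {
        HttpCookie cookie = Request.Cookies[FormsAuthentication.FormsCookieName];
        if (cookie == null || string.IsNullOrEmpty(cookie.Value))
            return; // no forms cookie: the request stays anonymous

        FormsAuthenticationTicket ticket;
        try
        {
            // With the default <forms protection="All">, the ticket is both
            // encrypted and integrity-checked, so a client cannot edit roles.
            ticket = FormsAuthentication.Decrypt(cookie.Value);
        }
        catch (Exception)
        {
            return; // fail closed: malformed or tampered cookie gets no roles
        }

        if (ticket == null || ticket.Expired)
            return;

        // Rebuild the principal from the roles carried in the ticket.
        string[] roles = ParseRoles(ticket.UserData);
        Context.User = new GenericPrincipal(new FormsIdentity(ticket), roles);
    }

    // Splits the delimited role string; an empty UserData yields no roles.
    public static string[] ParseRoles(string userData)
    {
        if (string.IsNullOrEmpty(userData))
            return new string[0];
        return userData.Split(new[] { RoleSeparator },
                              StringSplitOptions.RemoveEmptyEntries);
    }
}
```

Roles cached this way stay in effect until the ticket expires (30 minutes in the snippet above), so a role removed in the database is still honored for the remaining lifetime of an already issued ticket. Role names must not contain the separator character.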