RE: Roles based Forms Auth - denied pages redirect

From: Jim Cheshire [MSFT] (jamesche_at_online.microsoft.com)
Date: 07/21/04


Date: Wed, 21 Jul 2004 16:47:55 GMT

Hi Shaun,

The fact that you are doing this successfully with an HttpModule confirms a
post that I just made in another thread. I wasn't sure if it was possible,
but figured that an HttpModule would be the only possible way.

Jim Cheshire [MSFT]
MCP+I, MCSE, MCSD, MCDBA
Microsoft Developer Support
jamesche@online.microsoft.com

This post is provided "AS-IS" with no warranties and confers no rights.

--------------------
>From: "Shaun" <Shaun@discussions.microsoft.com>
>Subject: RE: Roles based Forms Auth - denied pages redirect
>Date: Wed, 21 Jul 2004 02:06:02 -0700
>Newsgroups: microsoft.public.dotnet.framework.aspnet.security
>
>Jim,
>
>Thanks for getting back to me. Here's what I have done so far .....
>
>I have a site with many different content areas that users can subscribe
>to. Each of these areas (in its own folder) has a web.config to specify
>the roles allowed access, the user belongs to the roles allowed for the
>subscribed areas.
>
>As I could not find a way to do the custom error page I have used the
>usual code in global.asax to retrieve the roles that were stored in the
>UserData of the AuthenticationTicket at login.
>Then an HttpModule is used to look back up the path of the request and
>find the nearest upstream web.config from which the roles are extracted
>using an XPath query. From these I can find out if the user is allowed
>access to the content.
>Obviously this is not ideal as there is lots of IO in finding the
>web.config file. I am caching them and working on a way of parsing the
>request's path to reduce the IO further.
>
>If this is the only way to go then I will continue down this path. Just a
>shame that the 'deny' from the web.config cannot be used to trigger a
>redirect to a custom page - from which I could tell the user they are not
>subscribed to that content area etc.
>
>Thanks again for your time,
>
>Shaun
>
>
>--------------------------
>Shaun Venus
>
>emailid: sunevnuahs
>domain: hotmail.com
>--------------------------
>
>
>"Jim Cheshire [MSFT]" wrote:
>
>> Shaun,
>>
>> Are you trying to do something along the lines of a customErrors page for a
>> 401? If so, that's not possible.
>>
>> Jim Cheshire [MSFT]
>> MCP+I, MCSE, MCSD, MCDBA
>> Microsoft Developer Support
>> jamesche@online.microsoft.com
>>
>> This post is provided "AS-IS" with no warranties and confers no rights.
>>
>> --------------------
>> >From: "Shaun" <Shaun@discussions.microsoft.com>
>> >Subject: Roles based Forms Auth - denied pages redirect
>> >Date: Mon, 19 Jul 2004 02:06:03 -0700
>> >Newsgroups: microsoft.public.dotnet.framework.aspnet.security
>> >
>> >I would like to know how, if at all possible, a custom redirect page can
>> >be set up for when a user's role(s) are denied to a page.
>> >The default behaviour seems to be back to the default/login page but I
>> >need to tell the user that they are not allowed the access requested.
>> >The site in question is basically just html pages that have no code
>> >in them, so I cannot use page behind code. I also set permissions to
>> >various parts of the site using web.config files and cannot hard-code
>> >checking in the pages as this may change.
>> >
>> >This is my second attempt to find out.
>> >
>> >For now I am finding the next 'upstream' web.config in an httpmodule and
>> >checking the user's roles against those in the web.config.
>> >This is far from ideal - surely forms auth should handle this so I do not
>> >have to write such code and look up web.config files for each request (I
>> >know these could be cached, but still not ideal).
>> >
>> >Thanks in advance ......
>> >
>> >
>> >--------------------------
>> >Shaun Venus
>> >
>> >emailid: sunevnuahs
>> >domain: hotmail.com
>> >--------------------------
>> >
>>
>>
>
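The module Shaun describes in the quoted message above (find the nearest upstream web.config, read its allowed roles with an XPath query, cache the result) could look like the following; this is an added example, not code from the thread. It assumes .NET Framework 2.0 or later (for `PostAuthenticateRequest`), roles already attached to `Context.User` by that point, simple `<allow roles="...">` rules with no `<location>` blocks, and a hypothetical class name and `~/NotSubscribed.aspx` page.

```csharp
using System;
using System.IO;
using System.Web;
using System.Web.Caching;
using System.Xml;

// Hypothetical module; register it in the root web.config.
public class RoleDeniedRedirectModule : IHttpModule
{
    // Assumed "not subscribed" page; every signed-in user must be able to read it.
    private const string DeniedPage = "~/NotSubscribed.aspx";
    private const string RolesXPath = "/configuration/system.web/authorization/allow/@roles";
    public void Init(HttpApplication app) { app.PostAuthenticateRequest += OnPostAuthenticate; }
    public void Dispose() { }
    private static void OnPostAuthenticate(object sender, EventArgs e)
    {
        HttpContext ctx = ((HttpApplication)sender).Context;
        string denied = VirtualPathUtility.ToAbsolute(DeniedPage);
        // Anonymous users still get the login page; never redirect the denied page itself.
        if (!ctx.Request.IsAuthenticated ||
            string.Equals(ctx.Request.Path, denied, StringComparison.OrdinalIgnoreCase)) return;
        string root = ctx.Request.PhysicalApplicationPath.TrimEnd(Path.DirectorySeparatorChar);
        DirectoryInfo dir = new DirectoryInfo(Path.GetDirectoryName(ctx.Request.PhysicalPath));
        for (; dir != null && dir.FullName.Length >= root.Length; dir = dir.Parent)
        {
            string[] roles = AllowedRoles(Path.Combine(dir.FullName, "web.config"));
            if (roles.Length == 0) continue;                 // no role rule here, look further up
            foreach (string role in roles)
                if (ctx.User.IsInRole(role.Trim())) return;  // UrlAuthorizationModule still decides
            // Cosmetic only: the <deny> rules in web.config remain the real enforcement.
            ctx.Response.Redirect(denied, true);
        }
    }

    // Roles named in <allow roles="..."> of one web.config, cached until the file changes.
    private static string[] AllowedRoles(string config)
    {
        string[] cached = (string[])HttpRuntime.Cache[config];
        if (cached != null) return cached;
        if (!File.Exists(config)) return new string[0];
        XmlDocument doc = new XmlDocument();
        doc.XmlResolver = null;                              // no external entity resolution
        doc.Load(config);
        string all = "";
        foreach (XmlNode attr in doc.SelectNodes(RolesXPath)) all += attr.Value + ",";
        cached = all.Split(new char[] { ',' }, StringSplitOptions.RemoveEmptyEntries);
        HttpRuntime.Cache.Insert(config, cached, new CacheDependency(config));
        return cached;
    }
}
```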


