RE: IsInRole always returns false?

From: Dominick Baier [DevelopMentor] (dbaier_at_pleasepleasenospamdevelop.com)
Date: 10/11/05


Date: Tue, 11 Oct 2005 12:37:26 -0700

Hello Dave,

Yes - you have to set Context.User.

After AuthenticateRequest there is an undocumented event called DefaultAuthentication
which just does this:

Thread.CurrentPrincipal = Context.User;

to keep both values in sync - if you set CurrentPrincipal in your event handler
it will be immediately overwritten.

---------------------------------------
Dominick Baier - DevelopMentor
http://www.leastprivilege.com

> Never mind, I got it by slightly changing the code below to:
>
> Context.User = new
> System.Security.Principal.GenericPrincipal(Context.User.Identity,
> arrRoles);
>
> "Dave" wrote:
>
>> Hi,
>>
>> I'm using Windows authentication with impersonation turned on but I
>> wanted to pull user roles from my database. Once a person logs in, I
>> want to check their roles.
>>
>> I have the following code that loads an array of roles for a
>> person (hardcoded in this sample but will be pulled from a database
>> later based on the user's identity.)
>> However, in subsequent pages when I want to show certain links for an
>> "Admin", User.IsInRole("Admin") always returns false. Is my
>> implementation wrong? I don't want to rely on Windows groups but would
>> rather maintain the roles in my db which I have more control.
>>
>> protected void Application_AuthenticateRequest(Object sender, EventArgs e)
>> {
>>     if (Request.IsAuthenticated)
>>     {
>>         //These will eventually be pulled from database's UserRole table...
>>         string[] arrRoles = new string[]{"Admin", "User"};
>>         //Add our Principal to the current context
>>         System.Threading.Thread.CurrentPrincipal = new
>>             System.Security.Principal.GenericPrincipal(Context.User.Identity, arrRoles);
>>     }
>> }
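
The ordering described in this thread, as an added console example that is not part of the original posts: `FakeContext` and `PipelineDemo` are hypothetical stand-ins for `HttpContext` and the ASP.NET pipeline, and the simulated `DefaultAuthentication` step follows the reply's description of that event.

```csharp
using System;
using System.Security.Principal;
using System.Threading;

// Hypothetical stand-in for HttpContext: only the User property matters here.
class FakeContext { public IPrincipal User; }

static class PipelineDemo
{
    // Simulates the step described in the reply: after AuthenticateRequest,
    // Context.User is copied to Thread.CurrentPrincipal to keep them in sync.
    static void DefaultAuthentication(FakeContext ctx)
    {
        Thread.CurrentPrincipal = ctx.User;
    }

    // Runs one simulated request and reports whether both views of the
    // principal carry the "Admin" role once the sync step has run.
    static bool Run(Action<FakeContext, string[]> authenticateHandler)
    {
        // Constructed sample identity: authenticated, no application roles yet.
        var ctx = new FakeContext
        {
            User = new GenericPrincipal(
                new GenericIdentity("DOMAIN\\dave", "NTLM"), new string[0])
        };
        authenticateHandler(ctx, new[] { "Admin", "User" }); // AuthenticateRequest
        DefaultAuthentication(ctx);                          // runs afterwards
        return ctx.User.IsInRole("Admin")
            && Thread.CurrentPrincipal.IsInRole("Admin");
    }

    static void Main()
    {
        // Original handler: sets only the thread principal, which the sync
        // step then overwrites with the role-less Context.User.
        bool threadOnly = Run((ctx, roles) =>
            Thread.CurrentPrincipal = new GenericPrincipal(ctx.User.Identity, roles));

        // Corrected handler: sets Context.User; the sync step propagates it.
        bool contextUser = Run((ctx, roles) =>
            ctx.User = new GenericPrincipal(ctx.User.Identity, roles));

        Console.WriteLine("Handler sets Thread.CurrentPrincipal: Admin = " + threadOnly);
        Console.WriteLine("Handler sets Context.User:            Admin = " + contextUser);
    }
}
```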


