Re: custom principal becomes roleprincipal in pages
- From: Dominick Baier <dbaier@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Fri, 23 Mar 2007 18:16:19 +0000 (UTC)
RoleManager places the RolePrincipal on Context.User. You can't use RoleManager when you are using a custom principal...
-----
Dominick Baier (http://www.leastprivilege.com)
Developing More Secure Microsoft ASP.NET 2.0 Applications (http://www.microsoft.com/mspress/books/9989.asp)
I followed the article "How To: Implement IPrincipal -- J.D. Meier,
Alex Mackman, Michael Dunner, and Srinath Vasireddy -- November 2002"
to implement a custom principal. After creating the CustomPrincipalApp
exactly as described in the article, I changed two things:
The first is that I use the Membership and Roles classes to do the
authentication and get all the roles for the logon user in
btnLogon_Click;
see the code below (the original lines are commented out):
    //bool isAuthenticated = IsAuthenticated(txtUserName.Text, txtPassword.Text);
    bool isAuthenticated = Membership.ValidateUser(txtUserName.Text, txtPassword.Text);
    if (isAuthenticated == true)
    {
        //string roles = GetRoles(txtUserName.Text, txtPassword.Text);
        string[] roleArray = Roles.GetRolesForUser(txtUserName.Text);
        // Join the role names into one "|"-delimited string.
        string delimiter = "|";
        StringBuilder builder = new StringBuilder();
        foreach (String item in roleArray)
        {
            builder.Append(item);
            builder.Append(delimiter);
        }
        // Drop the trailing delimiter.
        if (builder.Length > 0)
            builder.Length = builder.Length - delimiter.Length;
        string roles = "";
        roles = builder.ToString();
The second thing I did was to add entries to the web.config file to use
membership and role database in MS SQL Server 2005 as below:
    <membership defaultProvider="MySQLMembershipProvider">
      <providers>
        <clear/>
        <add name="MySQLMembershipProvider"
             type="System.Web.Security.SqlMembershipProvider"
             connectionStringName="CustomPrincipalApp"
             enablePasswordRetrieval="false"
             enablePasswordReset="false"
             requiresUniqueEmail="true"
             requiresQuestionAndAnswer="true"
             minRequiredPasswordLength="1"
             minRequiredNonalphanumericCharacters="0"
             applicationName="CustomPrincipalApp"
             passwordFormat="Hashed"/>
      </providers>
    </membership>
    <roleManager enabled="true" cacheRolesInCookie="true"
                 defaultProvider="MySqlRoleProvider">
      <providers>
        <clear/>
        <add connectionStringName="CustomPrincipalApp"
             applicationName="CustomPrincipalApp"
             name="MySqlRoleProvider"
             type="System.Web.Security.SqlRoleProvider" />
      </providers>
    </roleManager>
As soon as I did these two things, the CustomPrincipal assigned in the
Application_AuthenticateRequest event of Global.asax is changed
to RolePrincipal at the Page_Load of default.aspx.
I saw that someone posted the same question some time ago with the same
problem, and two solutions were provided. The first said to put the code
into the event Application_PostAuthenticate instead of
Application_AuthenticateRequest; unfortunately, I do not know why, the
event Application_PostAuthenticate failed to fire. The second
solution said to disable the roleManager. If I do that, then the
function call Roles.GetRolesForUser will fail.
Can someone help out with this?
Thanks in advance!
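
An added example (not code from this thread or from the How To article): with roleManager enabled, its module sets Context.User to a RolePrincipal during the PostAuthenticateRequest event, so a principal assigned earlier in Application_AuthenticateRequest gets replaced. The sketch below assigns the custom principal in the Global.asax handler for that same event, which runs after the module's handler; the CustomPrincipal class shown is a hypothetical stand-in for the article's class.

```csharp
// Global.asax.cs -- added example; CustomPrincipal here is a hypothetical stand-in.
using System;
using System.Security.Principal;
using System.Threading;
using System.Web;
using System.Web.Security;

public class CustomPrincipal : IPrincipal
{
    private readonly IIdentity identity;
    private readonly string[] roles;

    public CustomPrincipal(IIdentity identity, string[] roles)
    {
        this.identity = identity;
        this.roles = roles ?? new string[0];
    }

    public IIdentity Identity { get { return identity; } }

    public bool IsInRole(string role)
    {
        // Case-insensitive match is a choice made for this example.
        return Array.Exists(roles, delegate(string r)
        {
            return string.Equals(r, role, StringComparison.OrdinalIgnoreCase);
        });
    }
}

public class Global : HttpApplication
{
    // The handler name must match the HttpApplication event: PostAuthenticateRequest.
    protected void Application_PostAuthenticateRequest(object sender, EventArgs e)
    {
        IPrincipal current = Context.User;
        if (current == null || !current.Identity.IsAuthenticated)
            return; // anonymous request: nothing to replace

        // The role lookup still goes through the configured role provider.
        string[] roles = Roles.GetRolesForUser(current.Identity.Name);

        CustomPrincipal principal = new CustomPrincipal(current.Identity, roles);
        Context.User = principal;            // what pages see in Page_Load
        Thread.CurrentPrincipal = principal; // keep the thread principal in sync
    }
}
```

Reading roles from the provider on each request, rather than from a delimited string stored at logon, also means a role removed in the database takes effect without waiting for the logon ticket to expire.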