RE: How do I keep a FormsAuthenticationTicket up to date ?

From: Jonathan Ruckert (jruckert_AT_novaworks_DOT_com_DOT_au)
Date: 03/25/04


Date: Wed, 24 Mar 2004 19:06:06 -0800

In the Global.asax file, find the following function and modify it to suit; this should be what you are looking for.

// Requires: using System.Security.Principal; using System.Web.Security;
protected void Application_AuthenticateRequest(Object sender, EventArgs e)
{
        if (HttpContext.Current.User != null)
        {
                if (HttpContext.Current.User.Identity.IsAuthenticated)
                {
                        if (HttpContext.Current.User.Identity is FormsIdentity)
                        {
                                // Get Forms Identity From Current User
                                FormsIdentity id = (FormsIdentity)HttpContext.Current.User.Identity;
                                // Get Forms Ticket From Identity object
                                FormsAuthenticationTicket ticket = id.Ticket;
                                // Retrieve stored user-data (our roles from db)
                                string userData = ticket.UserData;

                                // UPDATE USER ROLES HERE WITH DB ETC.
                                // Until that lookup is added, fall back to the roles stored in the ticket
                                // (assumes a comma-separated list; these go stale if a role is revoked).
                                string[] roles = userData.Split(',');

                                // Create a new Generic Principal Instance and assign to Current User
                                HttpContext.Current.User = new GenericPrincipal(id, roles);
                        }
                }
        }
}

Cheers,
Jonathan Ruckert
     
     ----- Fresh Air Rider wrote: -----
     
     Hi All
     
     I have written a website in DotNet (C#) which uses Role-based Security
     with Forms Authentication.
     When a user logs in, their roles are retrieved from a SQL Server
     database and an authentication ticket is created.
     
     My only problem is that a User should only have to log in every few
     months but I want any changes made to a user's permissions record in
     the database to be picked up every time the user logs in.
     
     In other words, if a user has been granted an "Admin" role and then
     has this role revoked because they have misused it, I want the user to
     be prevented from accessing the "Administration" area next time he or
     she accesses the website.
     
     I'm guessing that I would need to update the
     FormsAuthenticationTicket, possibly within the Session_Start section
     of Global.asax.cs
     
     If anyone could please give me some advice or a URL of an article
     which covers this then I would be very grateful.
     
     Many thanks in advance
     John
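
An added example, not part of the original post: a console-runnable version of the role refresh that belongs at the "UPDATE USER ROLES HERE" step, showing a revoked "Admin" role taking effect while the long-lived ticket stays valid. `RoleRefresher`, its lookup delegate (standing in for the SQL Server query) and the 5-minute cache lifetime are assumptions; in Global.asax the handler would assign `HttpContext.Current.User = refresher.Build(id, DateTime.UtcNow)`.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Principal;

// Hypothetical helper: builds the principal from the role store, never from ticket.UserData.
public class RoleRefresher
{
    private readonly Func<string, string[]> lookup;   // stands in for the database role query
    private readonly TimeSpan ttl;                    // longest time a revocation can go unnoticed
    private readonly Dictionary<string, KeyValuePair<DateTime, string[]>> cache =
        new Dictionary<string, KeyValuePair<DateTime, string[]>>();
    private readonly object gate = new object();

    public RoleRefresher(Func<string, string[]> lookup, TimeSpan ttl) { this.lookup = lookup; this.ttl = ttl; }

    public IPrincipal Build(IIdentity id, DateTime nowUtc)
    {
        lock (gate)
        {
            KeyValuePair<DateTime, string[]> hit;
            if (cache.TryGetValue(id.Name, out hit) && nowUtc - hit.Key < ttl)
                return new GenericPrincipal(id, hit.Value);   // recent enough: skip the store

            string[] roles;
            try { roles = lookup(id.Name) ?? new string[0]; }
            catch (Exception) { roles = new string[0]; }      // fail closed: no roles if the store errors
            cache[id.Name] = new KeyValuePair<DateTime, string[]>(nowUtc, roles);
            return new GenericPrincipal(id, roles);
        }
    }
}

public static class Demo
{
    public static void Main()
    {
        // Constructed data: "john" logged in while Admin; the role is revoked afterwards.
        var db = new Dictionary<string, string[]> { { "john", new[] { "Admin", "User" } } };
        var refresher = new RoleRefresher(name => db[name], TimeSpan.FromMinutes(5));
        var id = new GenericIdentity("john", "Forms");        // a FormsIdentity in the real handler
        DateTime t0 = new DateTime(2004, 3, 25, 0, 0, 0, DateTimeKind.Utc);

        Console.WriteLine(refresher.Build(id, t0).IsInRole("Admin"));                // first request reads the store
        db["john"] = new[] { "User" };                                               // role revoked in the store
        Console.WriteLine(refresher.Build(id, t0.AddMinutes(1)).IsInRole("Admin"));  // 1 minute later: served from cache
        Console.WriteLine(refresher.Build(id, t0.AddMinutes(6)).IsInRole("Admin"));  // 6 minutes later: store is re-read
    }
}
```

The cache lifetime is the trade-off to tune: a shorter value means faster revocation at the cost of more database queries per user.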
     


