Controlling access to site folders if you cannot user Roles

Posted by DavidMadden on Geeks with Blogs See other posts from Geeks with Blogs or by DavidMadden
Published on Fri, 25 May 2012 14:08:34 GMT Indexed on 2012/05/30 16:43 UTC
Read the original article Hit count: 297

Filed under:

I find myself on an assignment where I could not use System.Web.Security.Roles.  That meant that I could not use Visual Studio's Website | ASP.NET Configuration.  I had to go about things another way.  The clues were in these two websites:

You can set in your web.config the restrictions on folders without having to set the restrictions in multiple folders through their own web.config file.  In my main default.aspx file in my protected subfolder off my main site, I did the following code due to MultiFormAuthentication (MFA) providing the security to this point:

        string role = string.Empty;
 
        if (((Login)Session["Login"]).UserLevelID > 3)
        {
            role = "PowerUser";
        }
        else
        {
            role = "Newbie";
        }
 
        FormsAuthenticationTicket ticket = 
new FormsAuthenticationTicket(
1,                 ((Login)Session["Login"]).UserID,                 DateTime.Now,                 DateTime.Now.AddMinutes(20),                 false,                 role,                 FormsAuthentication.FormsCookiePath);
 
        string hashCookies = FormsAuthentication.Encrypt(ticket);
        HttpCookie cookie = 
new HttpCookie(FormsAuthentication.FormsCookieName, hashCookies);         Response.Cookies.Add(cookie);

This all gave me the ability to change restrictions on folders without having to restart the website or having to do any hard coding.

© Geeks with Blogs or respective owner