Controlling access to site folders if you cannot user Roles
Posted
by DavidMadden
on Geeks with Blogs
See other posts from Geeks with Blogs
or by DavidMadden
Published on Fri, 25 May 2012 14:08:34 GMT
Indexed on
2012/05/30
16:43 UTC
Read the original article
Hit count: 297
I find myself on an assignment where I could not use System.Web.Security.Roles. That meant that I could not use Visual Studio's Website | ASP.NET Configuration. I had to go about things another way. The clues were in these two websites:
- http://www.csharpaspnetarticles.com/2009/02/formsauthentication-ticket-roles-aspnet.html
- http://msdn.microsoft.com/en-us/library/b6x6shw7(v=VS.71).aspxhttp://msdn.microsoft.com/en-us/library/b6x6shw7(v=VS.71).aspx
You can set in your web.config the restrictions on folders without having to set the restrictions in multiple folders through their own web.config file. In my main default.aspx file in my protected subfolder off my main site, I did the following code due to MultiFormAuthentication (MFA) providing the security to this point:
string role = string.Empty;
if (((Login)Session["Login"]).UserLevelID > 3) { role = "PowerUser"; } else { role = "Newbie"; }
FormsAuthenticationTicket ticket =
new FormsAuthenticationTicket(
1, ((Login)Session["Login"]).UserID, DateTime.Now, DateTime.Now.AddMinutes(20), false, role, FormsAuthentication.FormsCookiePath);
string hashCookies = FormsAuthentication.Encrypt(ticket); HttpCookie cookie =
new HttpCookie(FormsAuthentication.FormsCookieName, hashCookies); Response.Cookies.Add(cookie);
This all gave me the ability to change restrictions on folders without having to restart the website or having to do any hard coding.
© Geeks with Blogs or respective owner