.NETGURU
  Search:  
NamespacesDiscussions.NET v1.1Dot Net Guru's BlogIT Certification
Forms Authentication and Roles
Messages   Related Types
This message was discovered on ASPFriends.com 'aspngsec' list.


Brandon
Hi all

I'm using ASP.NET's built in forms authentication. I have all the user information, including the roles stored in a database. I limit access to areas of the site by defining which roles can access which virtual paths in the Web.config file. It all works very well.

My question is, when ASP.NET denies access to a certain area, it bounces that person to the login screen. Now the user in question could very well be authenticatd, he/she just doesn't have access to that area. Is there a way to determin if someone was denied access to an area once they reach the login form?

Maybe I sound confusing. In th Web.config you define the URL to the login form that peple get sent to when they are denied access to a certain area. Some of he users end up at this form, even when they are authenticated simply because they aren't the correct role. Is there a way in the web.config to define a page people get sent to if they are denied access to an area because they don't have the proper authority versus a place to "login"?

I hope I was clear...

Brandon
Reply to this message...
 
    
Brad Kingsley
I'm not sure if this is what you want, but you can use "user.identity.name" to see what username (if any) is assigned to the active user.

~Brad Kingsley
Microsoft MVP - ASP
Windows 2000 MCSE

http://www.orcsweb.com/
Powerful Web Hosting Solutions
#1 in Service and Support

----- Original Message -----
From: Brandon
To: aspngsec
Sent: Saturday, July 13, 2002 11:48 AM
Subject: [aspngsec] Forms Authentication and Roles

Hi all

I'm using ASP.NET's built in forms authentication. I have all the user information, including the roles stored in a database. I limit access to areas of the site by defining which roles can access which virtual paths in the Web.config file. It all works very well.

My question is, when ASP.NET denies access to a certain area, it bounces that person to the login screen. Now the user in question could very well be authenticatd, he/she just doesn't have access to that area. Is there a way to determin if someone was denied access to an area once they reach the login form?

Maybe I sound confusing. In th Web.config you define the URL to the login form that peple get sent to when they are denied access to a certain area. Some of he users end up at this form, even when they are authenticated simply because they aren't the correct role. Is there a way in the web.config to define a page people get sent to if they are denied access to an area because they don't have the proper authority versus a place to "login"?

I hope I was clear...

Brandon
| [aspngsec] member Click here to reveal e-mail address = YOUR ID
| http://www.asplists.com/asplists/aspngsec.asp = JOIN/QUIT
| http://www.asplists.com/search = SEARCH Archives
Reply to this message...
 
    
Mark Feinholz
There are many ways to plug into the forms security model - and make it
work for you. Probably the easiest to solve your specific problem is
simply to check in the Load event of your login page (the one configured
to be redirected to) if the user is already authenticated
User.Identity.IsAuthenticated. If they are, that means you got there as
a result of not being authorized - then you can simply redirect/transfer
to a page that is better suited to handling this situation.

-----Original Message-----
From: Brad Kingsley [mailto:Click here to reveal e-mail address]
Sent: Saturday, July 13, 2002 1:12 PM
To: aspngsec
Subject: [aspngsec] Re: Forms Authentication and Roles

I'm not sure if this is what you want, but you can use
"user.identity.name" to see what username (if any) is assigned to the
active user.

~Brad Kingsley
Microsoft MVP - ASP
Windows 2000 MCSE

<http://www.orcsweb.com/> http://www.orcsweb.com/
Powerful Web Hosting Solutions
#1 in Service and Support

----- Original Message -----
From: Brandon <mailto:Click here to reveal e-mail address>
To: aspngsec <mailto:Click here to reveal e-mail address>
Sent: Saturday, July 13, 2002 11:48 AM
Subject: [aspngsec] Forms Authentication and Roles

Hi all

I'm using ASP.NET's built in forms authentication. I have all the user
information, including the roles stored in a database. I limit access to
areas of the site by defining which roles can access which virtual paths
in the Web.config file. It all works very well.

My question is, when ASP.NET denies access to a certain area, it bounces
that person to the login screen. Now the user in question could very
well be authenticatd, he/she just doesn't have access to that area. Is
there a way to determin if someone was denied access to an area once
they reach the login form?

Maybe I sound confusing. In th Web.config you define the URL to the
login form that peple get sent to when they are denied access to a
certain area. Some of he users end up at this form, even when they are
authenticated simply because they aren't the correct role. Is there a
way in the web.config to define a page people get sent to if they are
denied access to an area because they don't have the proper authority
versus a place to "login"?

I hope I was clear...

Brandon
| [aspngsec] member Click here to reveal e-mail address = YOUR ID
| http://www.asplists.com/asplists/aspngsec.asp = JOIN/QUIT
| http://www.asplists.com/search = SEARCH Archives

| [aspngsec] member Click here to reveal e-mail address = YOUR ID
| http://www.asplists.com/asplists/aspngsec.asp = JOIN/QUIT
| http://www.asplists.com/search = SEARCH Archives
Reply to this message...
 
 




ExamGuru IT Solutions - .Net Guru is owned and operated by ExamGuru, Inc., the man behind .Net Guru. If you're in the market for bespoke software or software consultancy, why not get him and his highly trained team to help? - www.examguru.net/ITCertification
Ad


Need Dot Net Interview Questions?
Ask ExamGuru, Inc. for advice and help on Passing .Net Interviews
.Net Projects
Best-of-breed application framework for .NET projects, developed by ExamGuru, Inc. and ExamGuru IT
Free .net Help
Commission ExamGuru, Inc. and his team for your next bespoke software project
FogBUGZ
The only bug tracking system carefully crafted with one goal in mind: helping teams create great software.
Awesome Tools
If you don't know about these, you're missing out... IT Certification Questions
IT Interview Questions
Free Oracle 10g Training
MCSE Boortcamp
Cisco Study Guides
Cheap Study Guides
Exact Questions
Dot Net Interview Questions
Oracle OCP
Cheap Travel
Designer Perfumes - Wholesale Prices
Free Programming Tutorials
 
ExamGuru IT Solutions - .Net Guru is owned and operated by ExamGuru, Inc., the man behind .Net Guru. If you're in the market for bespoke software or software consultancy, why not get him and his highly trained team to help? - www.examguru.net/ITCertification
 Copyright © ExamGuru, Inc. 2001-2006
Contact Us - Terms of Use - Privacy Policy - www.dot-net-guru.com - www.examguru.net - www.oraclesource.net - www.itinterviews.net - www.examguru.net/ITCertification