FormsAuthentication - Roles

[Peter Morris [Air Software Ltd]]

Hi

I validate the username/password and then execute the following code

System.Web.Security.FormsAuthentication.RedirectFromLoginPage(
authorId, RememberCheckBox.Checked
);

One folder I want to restrict to anyone logged in.....

<location path="Members">
<system.web>
<authorization>
<deny users="?"/>
</authorization>
</system.web>
</location>

On another folder I want to restrict access only to a member which has
"IsAdministrator" set to True in the database.

<location path="Admin">
<system.web>
<authorization>
<deny users="*"/>
<allow roles="Admin"/>
</authorization>
</system.web>
</location>

Is this correct? How do I tell FormsAuthentication that the current user
has the Admin role?

Thanks


--
Pete
====
Read or write articles on just about anything
http://www.HowToDoThings.com

My blog
http://blogs.slcdug.org/petermorris/

 

[Saravana]

Check out this article,

How To Implement Role-Based Security with Forms-Based Authentication in Your
ASP.NET Application by Using Visual Basic .NET
http://support.microsoft.com/default.aspx?scid=kb;EN-US;306238

 

[Peter Morris [Air Software Ltd]]

Hi

Thanks for the link.

Application_AuthenticateRequest

Does this event get called only once when the user logs in, or every time a
page is requested for which the user must be authenticated?

If it is only called once, do the roles get stored in the persistent cookie,
or on the server somewhere?

Finally, if the roles are on the server, and the user comes back with a
persistent cookie 6 months later, is this event triggered again so that the
roles may be established?

Thank you for your help.


--
Pete
====
Read or write articles on just about anything
http://www.HowToDoThings.com

My blog
http://blogs.slcdug.org/petermorris/

 

[Saravana]

This event fires for every request. You can check out this link for more
details,
http://msdn.microsoft.com/msdnmag/issues/02/05/ASPSec2/default.aspx