Colin Peters
Hi,
I have the following problem:
I've implemented role based security and it worked fine on both my local
dev machine and my remote shared host. Now it only works on my dev
machine. My shared host had some unidentified problems but I'm not sure
they are related so I can't really ask them to change something.
So I thought I'd investigate myself. I found by outputting to the page in
the prod environment, that I get the right roles via:
FormsIdentity id =
(FormsIdentity)HttpContext.Current.User.Identity;
FormsAuthenticationTicket ticket = id.Ticket;
// Get the stored user-data, in this case, our roles
string userData = ticket.UserData;
string[] roles = userData.Split(',');
so I know the roles are stored in the cookie OK.
In the Application_AuthenticateRequest method I then use this info thus:
HttpContext.Current.User = new GenericPrincipal(id, roles);
But when I go to retrieve the roles:
Type type = princ.GetType();
FieldInfo field = type.GetField("m_roles", BindingFlags.Instance |
BindingFlags.NonPublic);
String[] roles = (String[]) field.GetValue(princ);
I find that it is empty. Also using User.IsInRole function never returns
true even though I know I have that role from the previous output.
All of the above works fine on my dev machine, so I'm trying to find out
what can have an influence on this. Does the machine.cfg file have any
settings? Can IIS setup make a difference?
I'm rather puzzled, and tempted to write my own version of IsInRole
based upon what I can extract myself from the cookie.
Also, it seems that Session_End is also not firing? I get the impression
that my host has fixed one thing and broken another. What can I check to
give them some proof of what's at fault?
Cheers
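
One way to gather the evidence asked about above, as an added example that is not part of the original post: the handler rebuilds the principal from the ticket defensively, and a diagnostic helper reports at page time what principal the request actually carries, using only the public IsInRole API rather than the private m_roles field. The class name Global, the "TicketRoles" item key and the DescribeRoles helper are assumptions made for illustration.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Principal;
using System.Text;
using System.Threading;
using System.Web;
using System.Web.Security;

public class Global : HttpApplication
{
    protected void Application_AuthenticateRequest(object sender, EventArgs e)
    {
        IPrincipal current = HttpContext.Current.User;
        // Anonymous request or no principal yet: nothing to attach roles to.
        if (current == null || !current.Identity.IsAuthenticated) return;
        // "as" avoids an InvalidCastException if the identity is not from forms auth.
        FormsIdentity id = current.Identity as FormsIdentity;
        if (id == null) return;

        // Split the ticket's UserData, dropping blanks and stray whitespace.
        List<string> roles = new List<string>();
        foreach (string raw in (id.Ticket.UserData ?? "").Split(','))
            if (raw.Trim().Length > 0) roles.Add(raw.Trim());

        GenericPrincipal principal = new GenericPrincipal(id, roles.ToArray());
        HttpContext.Current.User = principal;
        Thread.CurrentPrincipal = principal;
        // Keep the ticket's roles so a later stage can compare against them.
        HttpContext.Current.Items["TicketRoles"] = roles.ToArray();
    }

    // Hypothetical helper: call from a page; HtmlEncode the result before writing it.
    public static string DescribeRoles(HttpContext ctx)
    {
        StringBuilder sb = new StringBuilder();
        IPrincipal user = ctx.User;
        sb.AppendLine("Principal: " + (user == null ? "(null)" : user.GetType().FullName));
        if (user == null) return sb.ToString();
        sb.AppendLine("Identity: " + user.Identity.GetType().FullName
            + ", authenticated=" + user.Identity.IsAuthenticated);
        string[] ticketRoles = ctx.Items["TicketRoles"] as string[];
        if (ticketRoles == null) return sb.AppendLine("No ticket roles recorded").ToString();
        // Public API only: no dependency on GenericPrincipal's private fields.
        foreach (string role in ticketRoles)
            sb.AppendLine(role + " -> IsInRole=" + user.IsInRole(role));
        return sb.ToString();
    }
}
```

Running the same page on both machines and comparing the two reports shows whether the handler ran at all, and whether the principal seen by the page is still the GenericPrincipal it assigned.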