IsInRole problem

C

Colin Peters

Hi,

I have the following problem:

I've implemented role based security and it worked fine on both my local
dev machine and my remote shared host. Now it only works on my dev
machine. My shared host had some unidentified problems but I'm not sure
they are related so I can't really ask them to change something.

So I thought I'd investigate myself. I found by outputing to the page in
the prod environment, that I get the right roles via:

FormsIdentity id =
(FormsIdentity)HttpContext.Current.User.Identity;
FormsAuthenticationTicket ticket = id.Ticket;

// Get the stored user-data, in this case, our roles
string userData = ticket.UserData;
string[] roles = userData.Split(',');

so I know the roles are stored int he cookie OK.

In the Application_AuthenticateRequest method I then use this info thus:
HttpContext.Current.User = new GenericPrincipal(id, roles);

But when I go to retrieve the roles:

Type type = princ.GetType();
FieldInfo field = type.GetField("m_roles", BindingFlags.Instance |
BindingFlags.NonPublic);
String[] roles = (String[]) field.GetValue(princ);


I find that it is empty. Also using User.IsInRole function never returns
true even though I know I have that role from the previous output.

All of the above works fine on my dev machine, so I'm trying to find out
what can have an influence on this. Does the machine.cfg file have any
settings? Can IIS setup make a difference?

I'm rather puzzled, and tempted to write my own version of IsInRole
based upon what I can extract myself from the cookie.

Also, it seems that Session_End is also not firing? I get the impression
that my host has fixed one thing and broken another. What can I check to
give them some proof of what's at fault?

Cheers
 
C

Colin Peters

Session_Start isn't firing either. What's going on? I have

sessionState
mode="InProc"

This is getting plain silly.
 
P

Patrick Allmond - Focus Consulting Inc

Colin - What ever came of this?

Colin Peters said:
Session_Start isn't firing either. What's going on? I have

sessionState
mode="InProc"

This is getting plain silly.

Colin said:
Hi,

I have the following problem:

I've implemented role based security and it worked fine on both my local
dev machine and my remote shared host. Now it only works on my dev
machine. My shared host had some unidentified problems but I'm not sure
they are related so I can't really ask them to change something.

So I thought I'd investigate myself. I found by outputing to the page in
the prod environment, that I get the right roles via:

FormsIdentity id = (FormsIdentity)HttpContext.Current.User.Identity;
FormsAuthenticationTicket ticket = id.Ticket;

// Get the stored user-data, in this case, our roles
string userData = ticket.UserData;
string[] roles = userData.Split(',');

so I know the roles are stored int he cookie OK.

In the Application_AuthenticateRequest method I then use this info thus:
HttpContext.Current.User = new GenericPrincipal(id, roles);

But when I go to retrieve the roles:

Type type = princ.GetType();
FieldInfo field = type.GetField("m_roles", BindingFlags.Instance |
BindingFlags.NonPublic);
String[] roles = (String[]) field.GetValue(princ);


I find that it is empty. Also using User.IsInRole function never returns
true even though I know I have that role from the previous output.

All of the above works fine on my dev machine, so I'm trying to find out
what can have an influence on this. Does the machine.cfg file have any
settings? Can IIS setup make a difference?

I'm rather puzzled, and tempted to write my own version of IsInRole based
upon what I can extract myself from the cookie.

Also, it seems that Session_End is also not firing? I get the impression
that my host has fixed one thing and broken another. What can I check to
give them some proof of what's at fault?

Cheers
 
K

KMA

Patrick,

You have no idea of how my heart leapt when I saw a reply to my
question.....

.... only to find you probably have the same problem.

Progress so far.

It seems that session is screwed up on the host machine. I put DivZero code
in session start and it never gets called. So I'm going to see if the host
can rectify it and if not I'll try another host.

Still, I did learn more about Roles and session.

Thanks for the interest.

Patrick Allmond - Focus Consulting Inc said:
Colin - What ever came of this?

Colin Peters said:
Session_Start isn't firing either. What's going on? I have

sessionState
mode="InProc"

This is getting plain silly.

Colin said:
Hi,

I have the following problem:

I've implemented role based security and it worked fine on both my local
dev machine and my remote shared host. Now it only works on my dev
machine. My shared host had some unidentified problems but I'm not sure
they are related so I can't really ask them to change something.

So I thought I'd investigate myself. I found by outputing to the page in
the prod environment, that I get the right roles via:

FormsIdentity id = (FormsIdentity)HttpContext.Current.User.Identity;
FormsAuthenticationTicket ticket = id.Ticket;

// Get the stored user-data, in this case, our roles
string userData = ticket.UserData;
string[] roles = userData.Split(',');

so I know the roles are stored int he cookie OK.

In the Application_AuthenticateRequest method I then use this info thus:
HttpContext.Current.User = new GenericPrincipal(id, roles);

But when I go to retrieve the roles:

Type type = princ.GetType();
FieldInfo field = type.GetField("m_roles", BindingFlags.Instance |
BindingFlags.NonPublic);
String[] roles = (String[]) field.GetValue(princ);


I find that it is empty. Also using User.IsInRole function never returns
true even though I know I have that role from the previous output.

All of the above works fine on my dev machine, so I'm trying to find out
what can have an influence on this. Does the machine.cfg file have any
settings? Can IIS setup make a difference?

I'm rather puzzled, and tempted to write my own version of IsInRole based
upon what I can extract myself from the cookie.

Also, it seems that Session_End is also not firing? I get the impression
that my host has fixed one thing and broken another. What can I check to
give them some proof of what's at fault?

Cheers
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Members online

Forum statistics

Threads
473,995
Messages
2,570,226
Members
46,815
Latest member
treekmostly22

Latest Threads

Top