Peter Morris [Droopy eyes software]
Hi all
In my login form (forms authentication) I check that the login is valid,
retrieve an "Author" object, and keep track of the author's roles.

    string[] roles;
    if (author.IsAdministrator)
        roles = new string[] {"Admin", "Member"};
    else
        roles = new string[] {"Member"};
    Cache.Add(author.UniqueId, roles, null, DateTime.MaxValue,
        TimeSpan.FromHours(1), CacheItemPriority.BelowNormal, null);

In my Global.asax.cs file I execute the following code in order to ensure
that the author's roles are available to forms authentication...

    protected void Application_AuthenticateRequest(Object sender, EventArgs e)
    {
        if (HttpContext.Current.User != null)
        {
            IIdentity userId = HttpContext.Current.User.Identity;
            //Do we have some roles to retrieve? If so, replace the user object
            if (HttpContext.Current.Cache[userId.Name] != null)
            {
                string[] roles = (string[]) HttpContext.Current.Cache[userId.Name];
                HttpContext.Current.User =
                    new System.Security.Principal.GenericPrincipal(userId, roles);
            }
        }//user != null
    }

The problem I have is that the host site seems to keep changing its mind as
to whether or not my login has the "Admin" role.

    <location path="Admin">
      <system.web>
        <authorization>
          <allow roles="Admin"/>
          <deny users="*"/>
        </authorization>
      </system.web>
    </location>

Whenever I am navigating my way around within the /Admin folder, I will
(apparently randomly) be redirected to the Login page as if I were not an
Admin, or not authenticated. However, refreshing the /Admin/whatever.aspx
url repeatedly will eventually allow me to continue.
This fact is reflected in my menu control. I have an "Administration"
section which is displayed/hidden depending on

    HttpContext.Current.User.IsInRole("Admin");

Repeatedly refreshing any page at all, including a page with no
restrictions, will (apparently randomly) show/hide the Administrator menu
items.
Can anyone shed some light onto this behaviour? The last point made seems
to indicate that the user identity is being lost somehow.
Thanks
--
Pete
====
ECO Modeler, Audio compression components, DIB graphics controls,
FastStrings
http://www.droopyeyes.com
Read or write articles on just about anything
http://www.HowToDoThings.com
My blog
http://blogs.slcdug.org/petermorris/
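
An added example, not part of the original post: the same role restoration with the roles carried in the forms authentication ticket's UserData instead of the in-memory Cache, so every request rebuilds the same principal no matter which worker process serves it or whether the cache entry was evicted. It assumes the intermittent loss comes from the cache entry being absent on some requests (the post does not establish the cause); `RoleTicket`, `SignIn` and `RestorePrincipal` are hypothetical names.

```csharp
using System;
using System.Security.Principal;
using System.Web;
using System.Web.Security;

public static class RoleTicket   // hypothetical helper, not from the post
{
    // Login page: call once the credentials are verified, in place of Cache.Add.
    // Afterwards redirect with FormsAuthentication.GetRedirectUrl(userName, false);
    // RedirectFromLoginPage would issue its own cookie without the roles.
    public static void SignIn(HttpResponse response, string userName, string[] roles)
    {
        var ticket = new FormsAuthenticationTicket(
            1,                                // ticket version
            userName,
            DateTime.Now,                     // issue time
            DateTime.Now.AddHours(1),         // constructed lifetime, mirrors the post's one-hour window
            false,                            // not persistent
            string.Join("|", roles),          // UserData; role names must not contain '|'
            FormsAuthentication.FormsCookiePath);

        // Encrypt protects the ticket according to the <forms protection> setting.
        var cookie = new HttpCookie(FormsAuthentication.FormsCookieName,
                                    FormsAuthentication.Encrypt(ticket));
        cookie.HttpOnly = true;
        cookie.Path = FormsAuthentication.FormsCookiePath;
        response.Cookies.Add(cookie);
    }

    // Global.asax.cs: call from Application_AuthenticateRequest with HttpContext.Current.
    public static void RestorePrincipal(HttpContext context)
    {
        if (context.User == null) return;

        // Forms authentication has already decrypted and validated the ticket here.
        var identity = context.User.Identity as FormsIdentity;
        if (identity == null || !identity.IsAuthenticated) return;

        string[] roles = identity.Ticket.UserData.Split(
            new[] { '|' }, StringSplitOptions.RemoveEmptyEntries);
        context.User = new GenericPrincipal(identity, roles);
    }
}
```

Roles carried in the ticket stay in effect until it expires, so a revoked Admin role is still honoured for up to the ticket lifetime. The ticket is only trustworthy while the forms `protection` setting keeps both encryption and validation on (the default, `All`).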