InstantASP Community Forums
Home       Members    Calendar    Who's On
Welcome Guest ( Login | Register )
        

Home » Old Forums » InstantForum.NET 4.x » Release Discussion » Web.config authorizations
Web.config authorizations Expand / Collapse
Author
Message
Posted 22/07/2006 11:54:07


Supreme Being

Supreme BeingSupreme BeingSupreme BeingSupreme BeingSupreme BeingSupreme BeingSupreme BeingSupreme Being

Group: Customers
Last Login: 30/12/2008 00:19:04
Posts: 693, Visits: 2,419
My website uses InstantForum's API for User Authentication.  In several instances I use a web.config file within a sub-folder to allow/disallow certain roles.  With 4.1.4 it is not working (at least for me).  The authorization code within my site works perfectly, it's just the web.config, which is as follows:

<authorization>

<allow roles="Administrators, bla bla bla />

<deny users="*" />

<!-- <allow users="[comma separated list of users]"

roles="[comma separated list of roles]"/>

<deny users="[comma separated list of users]"

roles="[comma separated list of roles]"/>

-->

</authorization>
..:: Bare ::..
http://www.livingformetal.com
Post #11312
Posted 24/07/2006 08:30:33


IF.NET 4.2 Coming Soon

IF.NET 4.2 Coming SoonIF.NET 4.2 Coming SoonIF.NET 4.2 Coming SoonIF.NET 4.2 Coming SoonIF.NET 4.2 Coming SoonIF.NET 4.2 Coming SoonIF.NET 4.2 Coming SoonIF.NET 4.2 Coming Soon

Group: Administrators
Last Login: 05/01/2009 11:53:33
Posts: 1,959, Visits: 3,027
Hi Bare,

Sorry i missed your MSN. I've been keeping on eye out for you but you've not been online.

Just to give you some background on this problem. With v4.1.4 we have moved away from holding a delimited list of user roles associated with the current user in the UserData section of the forms authentication ticket. This was due to scaliability issues. If the user has 5000 roles associated with them the forms authentication cookie simply cannot hold this much data. .NET v2.0 has addressed this problem with role caching where they separate roles into separate cookies if the cookie length is exceeded. This is something we will be looking at further.

Currently you can use code similar to the following in your pages to restrict access.

Partial Class MyPage
  Inherits System.Web.UI.Page

Private ForumContext As InstantASP.InstantForum.HttpContext.ForumContext = _
InstantASP.InstantForum.HttpContext.ForumContext.Current

Protected Sub Page_Load(ByVal sender As Object , ByVal e As System.EventArgs) Handles Me .Load

' here we use the forum context object to return an instance of the current
' user object within the forum, i also show below how to return a specific user

' find role by name, returns Nothing if role is not found, else returns an instance of the role object
If ForumContext.CurrentUser.UserRolesCollection.FindRole("Administrator" ) Is Nothing Then
  Response.Redirect("~/NotAnAdminPage.aspx" )
End If

' find built-in required role by enumeration
If ForumContext.CurrentUser.UserRolesCollection.FindRole( _
InstantASP.Common.Enumerations.EnumRequiredRoles.Administrator) Is Nothing Then
  Response.Redirect("~/NotAnAdminPage.aspx" )
End If

' if you wanted to check if a specific user has permission you could use
' something similar to the following, here we retrieve the user object
' for the user with UserID 283 in the InstantASP_Users & InstantForum_Users table
Dim SpecificUserByID As New InstantASP.InstantForum.Components.User(283)

If SpecificUserByID.UserRolesCollection.FindRole("MyCustomRole" ) Is Nothing Then
  Response.Redirect("~/NotAnAdminPage.aspx" )
End If

' here we do a similar check but build the user object from a users email
' this just demonstrates another way to initialize the user object from the database
Dim SpecificUserByEmailAddress As New InstantASP.InstantForum.Components.User("me@mydomain.com")

If SpecificUserByEmailAddress.UserRolesCollection.FindRole("MyCustomRole" ) Is Nothing Then
  Response.Redirect("~/NotAnAdminPage.aspx" )
End If

End Sub
End Class

I've explained why this has changed and provided a few workarounds however i know just modifying the web.config can make this much easier than having to programatically control access. I'm looking for final to implement a application setting variable you can modify to store user roles within the cookie. This will allow you to use the web.config again to determine access based on roles. I hope this helps a little,




Kindest Regards,

Ryan Healey
Director / Developer

Explore our products...
http://demos.instantasp.co.uk/

Post #11320
Posted 24/07/2006 10:15:33


IF.NET 4.2 Coming Soon

IF.NET 4.2 Coming SoonIF.NET 4.2 Coming SoonIF.NET 4.2 Coming SoonIF.NET 4.2 Coming SoonIF.NET 4.2 Coming SoonIF.NET 4.2 Coming SoonIF.NET 4.2 Coming SoonIF.NET 4.2 Coming Soon

Group: Administrators
Last Login: 05/01/2009 11:53:33
Posts: 1,959, Visits: 3,027
Hi Bare,

Just to confirm web.config authorization support will be back by default with v4.1.4 however you should consider the known scalability issue if you have lots of roles. I don't think it will be an issue with your install Bare.

This behaviour will be back in v4.1.4 RC1 expected later today or failing that first thing tomorrow morning. I would welcome any feedback. It will work exactly as before a machineKey specific encrypted pipe delimited list of role names will be held within the userdata section of the forms authentication ticket.

Making this change will also ensure support for System.Web.HttpContext.Current.User.IsInRole("") is back.

I'm hoping RC1 this will be the last release before final as the majority of the beta feedback has now been addressed, we will be looking at any outstanding issues between release candidate and final. I expect this to be a very short cycle.

I'll be posting more information once v4.1.4 RC1 has been uploaded within the My.InstantASP area


Kindest Regards,

Ryan Healey
Director / Developer

Explore our products...
http://demos.instantasp.co.uk/

Post #11324
Posted 26/07/2006 07:51:18
Forum Guru

Forum GuruForum GuruForum GuruForum GuruForum GuruForum GuruForum GuruForum Guru

Group: Customers
Last Login: 14/02/2007 06:04:53
Posts: 74, Visits: 207
Actually there is a way to keep RoleNames as a way to define Membership, if you don't want to change everything to RoleId's.

Instead of making SQL to create a long comma delimited string (SQL has limitations) you can do that in the VB NET instead, like in this example:

Dim connection As New System.Data.SqlClient.SqlConnection(ConfigurationManager.ConnectionStrings.Item("instantForum" ).ConnectionString)
Dim command As New System.Data.SqlClient.SqlCommand("sp_GetRoleNames" , connection)
command.CommandType = CommandType.StoredProcedure

Dim sda As New System.Data.SqlClient.SqlDataAdapter(command)
Dim dt As New DataTable
sda.Fill(dt)

Dim Roles(dt.Rows.Count - 1) As String
For ii As Int32 = 0 To dt.Rows.Count - 1
  Roles(ii) = dt.Rows(ii).Item("Role" )
Next

Robert

Post #11346
« Prev Topic | Next Topic »

Reading This Topic Expand / Collapse
Active Users: 0 (0 guests, 0 members, 0 anonymous members)
No members currently viewing this topic.
Forum Moderators: Ryan Healey, James Trott

Permissions Expand / Collapse

All times are GMT, Time now is 7:20pm

Powered by InstantForum.NET v4.1.4 © 2009
Execution: 0.047. 10 queries. Compression Disabled.
Home | Products | Purchase | Support | Company | Contact Us
Privacy Statement | © 1999-2007 InstantASP Limited. All Rights Reserved.