andycharger Posted October 2, 2003

I'm trying to change the security on my intranet to act on Roles as well as users. In my web.config file, I have set the procs folder to only let in the user role "admin". See below:

    <location path="procs">
      <system.web>
        <authorization>
          <allow roles="admin" />
          <deny users="*"/>
        </authorization>
      </system.web>
    </location>

I'm sure that is correct. Now what I want to do is.... when I'm logging on, I must have to store the user roles somewhere. I have read a few websites and forums and they all show something like this:

    Dim objIdentity As GenericIdentity = New GenericIdentity(myReader("UserName"))
    Dim objPrincipal As GenericPrincipal = New GenericPrincipal(objIdentity, strRole)
    Thread.CurrentPrincipal = objPrincipal

Trouble is, the "strRole" part falls over saying it cannot cast to a 1 dimensional array. I am getting really fed up now! Please help me before I go insane!!! Can someone provide me a good example piece of code of setting up the user roles thing?

Andy

PlausiblyDamp (Administrators) Posted October 2, 2003

    Dim objIdentity As GenericIdentity = New GenericIdentity(myReader("UserName"))
    Dim strRoles() As String = {"sales", "Accounts", "TeaBoy"}
    Dim objPrincipal As GenericPrincipal = New GenericPrincipal(objIdentity, strRoles)

Intellectuals solve problems; geniuses prevent them. -- Albert Einstein

andycharger (Author) Posted October 2, 2003

That seems to get past the error message but it just sends me back to the login page even when I give it a correct logon. I have the roles set to "admin" in web.config and I have changed the strRoles to read "admin" too. It won't let me in. Any ideas?

andycharger (Author) Posted October 2, 2003

Also, I noticed using that code that in the locals watch window, the value of strRoles is coming out as {length=1} and not "admin".

PlausiblyDamp (Administrators) Posted October 2, 2003

You are getting a length of 1 because it is an array of strings, not a string. Could you post a code snippet to show how you are validating the user?

andycharger (Author) Posted October 2, 2003

Yeah, no problem... I'm using Forms authentication. So in web.config, it looks like this:

    <location path="procs">
      <system.web>
        <authorization>
          <allow roles="admin"/>
          <deny users="*"/>
        </authorization>
      </system.web>
    </location>
    <authentication mode="Forms">
      <forms loginUrl="logon/logon.aspx"></forms>
    </authentication>

In my page, it looks like this:

    Private Sub Button1_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles Button1.Click
        Dim strSql As String
        Dim strUsername As String
        Dim strPW As String
        Dim cnSQL As String
        cnSQL = ConfigurationSettings.AppSettings("ConnectionString")
        strUsername = TextBox1.Text
        strPW = TextBox2.Text
        If strUsername = "" Then
            Response.Write("You did not enter a username")
        Else
            If strPW = "" Then
                Response.Write("You did not enter a password")
            Else
                strSql = "Select * from Users u,Userroles r where u.username = '" & strUsername & "' and u.password='" & strPW & "' and u.userlevel = r.user_id "
                CreateMySqlDataReader(strSql, cnSQL)
            End If
        End If
    End Sub

    Public Sub CreateMySqlDataReader(ByVal mySelectQuery As String, _
                                     ByVal myConnectionString As String)
        Dim myConnection As New SqlConnection(myConnectionString)
        Dim myCommand As New SqlCommand(mySelectQuery, myConnection)
        myCommand.Connection.Open()
        Dim strName As String
        Dim strError As String
        Dim myReader As SqlDataReader = myCommand.ExecuteReader(CommandBehavior.CloseConnection)
        If myReader.Read() Then
            Dim ckCookie As New HttpCookie("UserCookie")
            Dim strUserID As String
            strUserID = myReader("UserID")
            Session("UserID") = myReader("UserID")
            Session("UserName") = myReader("UserName")
            Session("FirstName") = myReader("FirstName")
            Session("UserLevel") = myReader("UserLevel")
            Session("UserType") = myReader("user_type")
            ckCookie.Value = strUserID.ToString()
            Dim objIdentity As GenericIdentity = New GenericIdentity(myReader("UserName"))
            Dim strRoles() As String = {"admin"}
            Dim objPrincipal As GenericPrincipal = New GenericPrincipal(objIdentity, strRoles)
            FormsAuthentication.RedirectFromLoginPage(TextBox1.Text, PersistCookie.Checked)
            Console.WriteLine(myReader.GetString(0))
        Else
            strError = "Either your username or password were incorrect."
        End If
        myReader.Close()
        myConnection.Close()
    End Sub

Any ideas? Thanks for your help plausibly!!!!

PlausiblyDamp (Administrators) Posted October 2, 2003

What page were you trying to get to?

andycharger (Author) Posted October 2, 2003

A page in my procs folder. At the moment, I have a logon authentication that just makes sure they are a valid user and lets them in by using the <users="?"/> command in web.config. If they are not logged in, it refers them to the logon.aspx page.
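
Added example, not part of the thread and not any poster's code: the login code above builds a GenericPrincipal but never assigns it, and a principal created during the login request would not survive the redirect anyway, so the `<allow roles="admin"/>` check sees a user with no roles on the next request. This sketch carries the roles in the forms-authentication ticket and rebuilds the principal on every request; the class name `RoleTicket`, its two methods and the 30-minute lifetime are assumptions.

```vbnet
Imports System
Imports System.Security.Principal
Imports System.Web
Imports System.Web.Security

' Hypothetical helper (name and members are illustrative, not from the thread).
Public Class RoleTicket

    ' Login page: call only after the user name and password have been verified.
    ' Used instead of FormsAuthentication.RedirectFromLoginPage, whose ticket
    ' carries no role data.
    Public Shared Sub SignIn(ByVal userName As String, ByVal roles() As String, _
                             ByVal persistent As Boolean)
        ' The 30-minute lifetime is an assumed value.
        Dim ticket As New FormsAuthenticationTicket(1, userName, DateTime.Now, _
            DateTime.Now.AddMinutes(30), persistent, String.Join(",", roles))

        ' With the default protection="All" the ticket is encrypted and
        ' validated, so the client cannot edit the role list it carries.
        Dim cookie As New HttpCookie(FormsAuthentication.FormsCookieName, _
                                     FormsAuthentication.Encrypt(ticket))
        cookie.Secure = FormsAuthentication.RequireSSL
        If persistent Then cookie.Expires = ticket.Expiration

        Dim ctx As HttpContext = HttpContext.Current
        ctx.Response.Cookies.Add(cookie)
        ctx.Response.Redirect(FormsAuthentication.GetRedirectUrl(userName, persistent))
    End Sub

    ' Every request: replace the role-less principal that forms authentication
    ' created with one that carries the roles stored in the ticket.
    Public Shared Sub RestorePrincipal(ByVal ctx As HttpContext)
        If ctx.User Is Nothing Then Return
        If Not TypeOf ctx.User.Identity Is FormsIdentity Then Return

        Dim id As FormsIdentity = CType(ctx.User.Identity, FormsIdentity)
        Dim roles() As String = id.Ticket.UserData.Split(","c)
        ctx.User = New GenericPrincipal(id, roles)
    End Sub
End Class

' Wiring in Global.asax.vb (runs before URL authorization evaluates web.config):
'   Sub Application_AuthenticateRequest(ByVal sender As Object, ByVal e As EventArgs)
'       RoleTicket.RestorePrincipal(HttpContext.Current)
'   End Sub
```

The role names passed to `SignIn` must match the `roles` attribute in web.config, and they should come from the role lookup for the verified user rather than from a hard-coded array.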