SUMMARY
This article describes how to implement role-based security
in an ASP.NET application that implements forms-based authentication using
Visual C# .NET.
Requirements
This article assumes that you have already implemented
forms-based authentication on an ASP.NET application.
301240 How To Implement Forms-Based Authentication in Your ASP.NET Application Using C# .NET
Assign the Roles to the Authenticating User
Because forms users usually are not Microsoft Windows users, they
do not have any roles associated with them by default. Thus, you must attach
the roles of the authenticating user to that user's identity so that you can
implement the role-based security inside your code.
Use the sample
code in this section to implement role-based security in your application. This
sample code assigns the same pre-specified roles (Manager and Admin) to every
authenticating user. Depending on how you store your user data, you can implement
your own method to retrieve the roles for that authenticated user and attach
those roles to the authenticating user's identity in the same way that the
sample code does.
Copy the following code into the Global.asax file in your existing application to
assign the roles to the authenticating user in the
Application_AuthenticateRequest event handler:
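    public void Application_AuthenticateRequest(Object src, EventArgs e)
    {
        // User is null until an authentication module has identified the caller.
        if (HttpContext.Current.User != null)
        {
            // Only rebuild the principal for forms-authenticated requests.
            if (HttpContext.Current.User.Identity.AuthenticationType == "Forms")
            {
                System.Web.Security.FormsIdentity id;
                id = (System.Web.Security.FormsIdentity)HttpContext.Current.User.Identity;
                // Pre-specified roles: every forms user receives both of them.
                String[] myRoles = new String[2];
                myRoles[0] = "Manager";
                myRoles[1] = "Admin";
                // Replace the principal so that User.IsInRole() sees the roles.
                HttpContext.Current.User = new System.Security.Principal.GenericPrincipal(id, myRoles);
            }
        }
    }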
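Added example (not part of the original article's code): one way to attach per-user roles instead of the fixed pair above is to store them in the forms authentication ticket at logon and read them back on every request. The RoleTicket class, its LookupRoles method, the sample users, the "|" separator and the 30-minute lifetime are all assumptions made for illustration.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Principal;
using System.Web;
using System.Web.Security;

public static class RoleTicket   // hypothetical helper class
{
    // Constructed sample data standing in for your real user store.
    static readonly Dictionary<string, string[]> SampleRoles =
        new Dictionary<string, string[]>(StringComparer.OrdinalIgnoreCase)
        {
            { "alice", new[] { "Admin", "Manager" } },
            { "bob",   new[] { "Manager" } }
        };

    // Hypothetical lookup: unknown users get no roles (deny by default).
    public static string[] LookupRoles(string userName)
    {
        string[] roles;
        return SampleRoles.TryGetValue(userName, out roles) ? roles : new string[0];
    }

    // Call from the logon page after the credentials have been validated.
    // Assumes role names never contain the '|' separator.
    public static void SignIn(HttpResponse response, string userName)
    {
        string userData = string.Join("|", LookupRoles(userName));
        FormsAuthenticationTicket ticket = new FormsAuthenticationTicket(
            1, userName, DateTime.Now, DateTime.Now.AddMinutes(30), false, userData);
        // Encrypt() protects the ticket as set by <forms protection="...">;
        // the default, "All", both encrypts and validates it.
        HttpCookie cookie = new HttpCookie(
            FormsAuthentication.FormsCookieName, FormsAuthentication.Encrypt(ticket));
        cookie.HttpOnly = true;
        cookie.Secure = FormsAuthentication.RequireSSL;
        cookie.Path = FormsAuthentication.FormsCookiePath;
        response.Cookies.Add(cookie);
    }

    // Call from Application_AuthenticateRequest in Global.asax.
    public static void AttachRoles(HttpContext context)
    {
        if (context.User == null) return;
        FormsIdentity id = context.User.Identity as FormsIdentity;
        if (id == null || !id.IsAuthenticated) return;
        string[] roles = id.Ticket.UserData.Split(
            new[] { '|' }, StringSplitOptions.RemoveEmptyEntries);
        context.User = new GenericPrincipal(id, roles);
    }
}
```

After SignIn, redirect with Response.Redirect(FormsAuthentication.GetRedirectUrl(userName, false)) rather than RedirectFromLoginPage, which would issue a new ticket without the role data. Roles carried in the ticket stay in effect until it expires, so a role revoked in the user store only takes effect at the next logon.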
Check the User Roles and Implement the Program Logic in Your .ASPX Pages
The following steps demonstrate how to implement and control the
program logic based on the roles to which the authenticating user belongs.
- Create a new .aspx page named Sample.aspx, and paste the
following code:
    <%@ Page Language="C#" %>
    <%@ Import Namespace="System.Web" %>
    <script runat="server">
    public void Page_Load() {
        if (User.IsInRole("Admin")) {
            Response.Write("You are an Administrator");
        }
        else {
            Response.Write("You do not have any role assigned");
        }
    }
    </script>
- Save Sample.aspx in your existing application. Browse to
the page to test it.
REFERENCES
For additional information about ASP.NET security features, click the following article number to view the article in the Microsoft Knowledge Base:
306590
INFO: ASP.NET Security Overview
For more information about role-based security,
refer to the following .NET Framework Software Development Kit (SDK)
documentation:
The documentation and source code at the following IBuySpy
Developer Solutions Web site also contain information about role-based
security:
Microsoft
provides third-party contact information to help you find technical support.
This contact information may change without notice. Microsoft does not
guarantee the accuracy of this third-party contact
information.