Archive for the ‘forms authentication’ Category
Now that we’ve assigned roles to our users, we need to assign permissions to the roles.
The easiest way to do this is through the web.config file, which will allow us to control which pages the roles can access.
But how do we control items beyond pages? For that we’ll need to do a bit of “role your own” coding.
Another function that is not supplied by one of the existing controls in ASP.NET is the ability to assign a user to a role. For this, we will need to resort to using the APIs.
Since we can assign roles to users using the ASP.NET configuration tool, we can assume there is an API available that will do this work for us.
Here is how it is done.
There are several controls that allow you to display content based on the role a user is in, including:
And the web.config file allows us to control which pages can be viewed based on which role a user is in.
But what if you need to determine the role a user is in using the APIs? How do you do that?
It turns out that the API for this is really rather straightforward.
I’ve had several occasions in the past where I’ve needed to do my own authentication or I’ve needed to add some additional methods to the authentication process.
As easy as Microsoft has made the authentication process, you might think that in order to manually authenticate you’d need to write all of your authentication code manually. But nothing could be farther from the truth.
In fact, most of the time all you need to do is trap an event handler in the existing login control.
While there are a lot of controls available in ASP.NET that allow you to manage forms authentication, one control that doesn’t exist is something that will allow you to manage your user list.
Most of the time you don’t need this, but when you do, there is an obvious hole.
Since we need to write this code ourselves, how do access the user list from our code?