Security :: Authorize And Authenticate Users By Roles?
May 18, 2010
How can I authorize and authenticate users by roles? I have roles table and user's table, role Id is the primary key in the roles table and foreign key in the user's table.
Need to develop a Web application that will be used to authenticate and authorize internal and external users to log and then re-route to web applications for the organization. The login application should be able to provider smooth integration with any future applications that needs a secured authentication. Should I be using WIF - Claims based Identity/ADFS or asp.net Role membership provider to develop this app.?
So I can get the user logon to some recording data or some thing else.
I was thinking if that was possible to put some value in web config that gets the user logon and if that logon is authorizated for that page it let him open else it close the page...
I found a great answer on SO describing how to set up custom user roles, and I've done the same in my project. So in my Login service I have:
public ActionResult Login() { // password authentication stuff omitted here var roles = GetRoles(user.Type); // returns a string e.g. "admin,user" var authTicket = new FormsAuthenticationTicket( 1, userName, DateTime.Now, DateTime.Now.AddMinutes(20), // expiry false, roles, "/"); var cookie = new HttpCookie(FormsAuthentication.FormsCookieName, FormsAuthentication.Encrypt(authTicket)); Response.Cookies.Add(cookie); return new XmlResult(xmlDoc); // don't worry so much about this - returns XML as ActionResult } And in Global.asax.cs, I have (copied verbatim from the other answer): protected void Application_AuthenticateRequest(Object sender, EventArgs e) { var authCookie = Context.Request.Cookies[FormsAuthentication.FormsCookieName]; if (authCookie != null) { var authTicket = FormsAuthentication.Decrypt(authCookie.Value); var roles = authTicket.UserData.Split(new Char[] { ',' }); var userPrincipal = new GenericPrincipal(new GenericIdentity(authTicket.Name), roles); Context.User = userPrincipal; } } Then, in my ServicesController class, I have: [Authorize(Roles = "admin")] //[Authorize] public ActionResult DoAdminStuff() { ... }
I login as a user with the "admin" role, and that works. Then I call /services/doadminstuff - and I get access denied, even though when I put a breakpoint in Global.asax.cs, I can see that my roles do include "admin". If I comment out the first Authorize attribute (with roles) and just use a plain vanilla Authorize, then I can access the service.
Im creating an application where the user table is stored outside the database, therefore i wont need to use the built-in asp.net user tables. However i would still like to use all the features the asp.net membership security provides i.e. restrict users from certain pages using the web.config
I would like to authenticate the user manually and set roles to that user temporarily only for that session. Is this possible?
I have the IIS webserver on Domain A. I have many users on Domain B, C, D, E.
I've set the NTFS security permission for each user and his/her domain to the webserver's security ntfs permission folder. But it is still not authenticating. So what do I need to do to enable this feature? I am using windows 2003 webserver.
I am working on an app where users are only allowed access if they click through from certain URLs. I.e. I need to authenticate by using the referral url and I am using Request.UrlReferrer to achieve this.
I am guessing that the Request.UrlReferrer can be tampered with by malicious users to gain access...
I need to authenticate users based on three parameters such as username, password and officename instead of just username and password. User name is unique only across the single office and not across the application.
Can I achieve this using Membership class and if yes do I need to write any custom code for that?
we have a web site (Web Site 1) which is presently working and authenticates the users using ASP.Net login control.
We have a new site (Web Site 2) which will have a web page with user name and password fields and these values will be posted to Web Site 1. I am trying to authenticate those user credentials on Web Site1 using
Membership.ValidateUser(UserName, Password); method. but i am keep getting "User AuthenticatedObject reference not set to an instance of an object. " exception.
I'm workin with Visual studio 2010 and I'm trying to create an ASP.net Web Site, language used - C#
I have 2 different pages, for 2 different users with 2 different roles.Each page has a textbox.I have already created them.What I want to do, is to make a bind between this 2 textboxes, so that the second to get the first boxes' text.I managed to do it, but only if the textboxes are on the same page, very easy (Textbox2.Text=TextBox1.Text) . But how to do it for 2 different pages, for 2 different users with 2 different roles?
Another trouble would be....How can I connect the both users same time....after i start debugging the project, I do a sign in but when I sign in with the second user,the first is automaticly siggned out and the text it's lost.Then, how can they synchronize and the second user see what the first one wrote,using that 2 textboxes? Wich is the solution?
I am trying to implement a page for an admin to edit other users details including roles and profile. I have a custom profile provider that stores data in database. My implementation is a page that shows username and allows an admin to reset user password, unlock users and approve and disapprove the users. I wanted to add a column in the gridview to allow the admin to remove or add a user to a role with the constraint that a user should be added only to one role.
I need to create a site that is Roles based and can use AD groups and Users. I found Scott Mitchell's tutorials for setting up "role-based-authorization-cs" [URL]
I've changed to using Windows auth. instead of forms and am pointing it to a remote SQL Database. I can successfully add a user/password/email etc. (although I believe the password and email sections aren't required and would like to remove them as options).
When I create a user (usera) and login to a windows box as usera the menu displays correctly based on the Roles I've added the user to in the SQL Database.
When I add an AD Group and add it to the same Role the menu's that are displayed do not match that of usera.
I'd like to be able to add entire AD groups (They can obviously change so it needs to be dynamic in some way), as well as add individual AD users to Roles. I'd prefer to do this via a Web interface.
My questions are.
1. Am I going about this the right way?
2. If I'm not what would be a better way?
3. If I am what do I need to do to allow ADGroup lookup?
I am using ASP.NET Membership with the default provider. I have a project where there are 3 different applications(seperated by the applicationName). Now I need every user to be able to log in to all the applications, but have a seperate role in each.Is this possible(I dont want to duplicate user details or logins for the same person)?
i hve 3 applications with membership providers which are wrking perfectly.. i am storing the users , roles , profiles etc in the same database as for the each application. now i want to store users roles etc in a single db n application data in separate db.. how can i shift existing users from current db to new db without re-creating them ..
I am newbie to asp.net.I want to create roles for the existing users in my database. I dont want to use the membership provider database n roles provided with it.(i don't want to use aspnet.mdf at all)
I am create roles for my existing users n assign i wanted to assign the particular roles to a particular assign.
I have a site witl forms authentication using te login control. I altered my sql server, I added a connectionstring and used the connectionstring in both, <rolemanager> and <Membership>. That part of the web.config is listed below.
The problem is that the login control goed to SQLserver to check the users and their passwords, but it goed to the SQLExpress database for the roles.....
I have set up a very simple authentication page where the user enters his password and if successful authentication occurs the program allows the user to make use of the controls in the page.
I used ASP.Net Configuration to create the user and roles, SQL Membership Provider for the authentication tables and asp login controls to authenticate.
Is there any way to add users and roles once the project is deployed? Could I use the ASP.Net configuration page? and if so how?
I'm trying programatically to create a new user, that's working OK on it own, but whenever I add the following line to my code, it seems to create two new members with the same name in my aspnet_Users table?
I have a web.config file with <authorization> section. I'm using window authentication.
The problem is that I would like to allow access to the web site to those users who are in multiple roles.
For example:
<authorization> <allow roles = "Role1 AND Role2"/> <deny users="*"/> </authorization>
(Meaning I would like to allow access only to those user who are both in Role1 AND Role2.)
Is this possible to achive this?
If not, what would be the alternatives?
Note: Currently I'm doing the roles assignment in the Global.asax file in the OnAuthenticateRequest event (i'm reading the groups that the current user belong to in the Active Directory).
Initially, in my solution I had one project, and had set up all that is required for asp.net security, and that includes users and roles and access rules, etc. All of that was and still is working fine.
Now I added another project to my solution, and my first project points to pages in the second project.
The problem is that it seems like the users and roles are not being transferred accross projects. Not sure if I am explaining my problem correctly...if not, feel free to ask...
Its my first time trying to manage users and roles accross projects within a solution.
I am creating a Web Application in asp.net 2.0 and sql server 2005.I want to use an existing database.
I have created a login and a signup page. Then i replace the new SQL database (the one that is created automaticly by the visual studio) with the exiting database I have.If I create a new user, the new user goes to the database and I can login with the new user. I cannot login with the existing users.If I go to the asp.net configuration, I only can see the new users I have created, I cannot see the users that were in the database already and I can't see the roles also.
I can I make the new application to recognize the users and roles of the existing database?
I am not able to allow/deny users based on roles in the web.config (using <location path>). The following does not work even if the user is in the 'Admin' role:[Code]....
I am able successfully execute IsUserInRole() and GetRolesForUser() in the codebehind and get expected results. The same applies to the web.sitemap, adding roles in there do not seem to apply to the user even if he is a member of the role.
Here is my web.config (trimmed some sections out so it's not too long):[Code]....
I am working on an application that resides on a development server on our internal network. The application was originally written to use Membership and Roles. We got busy almost a year ago before the app was finished, and now we are trying to get it ready to use internally.
The login page works just fine, but I have lost the ability to controls users and roles. I am running Visual Studio 2010 Professional now on a Windows 7 VM. I can open the application fine but there is no Web Administration Tool available for me to manage users or roles. If I go to Website -> in Visual Studio, there is no option for ASP.NET Configuration in the drop down menu. It simply isn't there.
How can I regain access to manage users and roles for this application? We are using Forms authentication and the database resides on a SQL Server 2005 instance on a separate box from the web server and my local VM.