Re: How do I synchronise Role Based Security ?

Tech-Archive recommends: Repair Windows Errors & Optimize Windows Performance

From: JNathan (jay.nathan_at_mariner-usa.com)
Date: 04/01/04 

Date: 31 Mar 2004 19:37:46 -0800

I assume that you are currently doing some work in the
Application_AuthenticateRequest method of the Global.asax? You might
try adding some more information to the UserData property of the
FormsAuthenticationTicket object. If you are putting your roles there,
just add a separation character and the next date you would like the
roles to be refreshed: Administrator;Reaader|04/01/2004. Parse the
userdata for that date in the Application_AuthenticateRequest and if
the date has passed, go out and get a refreshed list of user roles,
and add them to the ticket as you normally would along with the next
expiration date.

This keeps your users from having to log in more frequently, but
wouldn't it be easier to just make them log in anyway (probably, but
we know how picky users can be!).

Jay Nathan, MCP .NET
Senior Consultant
MARINER

Fresh_Air_Rider@Hotmail.com (Fresh Air Rider) wrote in message news:<556722cb.0403211346.2497dcbd@posting.google.com>...
> Hi All
>
> I have written a website in DotNet (C#) which uses Role-based Security
> with Forms Authentication
> When a user logs in, their roles are retrieved from a SQL Server
> database and an authentication ticket is created.
>
> My only problem is that a User should only have to login every few
> months but I want any changes made to a users permissions record in
> the database to be picked up every time the user logs in.
>
> In other words, if a user has been granted an "Admin" role and then
> has this role revoked because they have misused it, I want the user to
> be prevented from accessing the "Administration" area next time he or
> she accesses the website.
>
> I'm guessing that I Would need to update the
> FormsAuthenticationTicket, possibly within the Session_Start section
> of Global.asax.cs
>
> If anyone could please give me some advice or a URL of an article
> which covers this then I would be very grateful.
>
> Many thanks in advance
> John

Relevant Pages

  • RE: How do I keep a FormsAuthenticationTicket up to date ?
    ... // UPDATE USER ROLES HERE WITH DB ETC. ... When a user logs in, their roles are retrieved from a SQL Server ... database and an authentication ticket is created. ... the database to be picked up every time the user logs in. ...
    (microsoft.public.dotnet.security)
  • RE: Default Values
    ... the database can open a hidden form that holds the UserID so it can be referenced other places or ... When a user logs in, the database can store their UserID as a global variable that can be referenced anywhere in the database ...
    (microsoft.public.access.tablesdbdesign)
  • Newbie - How to fill forms without a button click
    ... Automatically filling in a form from a database. ... When the user logs in, it should take the user to something like the ... Holland Projects ...
    (microsoft.public.scripting.vbscript)
  • Re: Session Cannot Always Access Database
    ... > I have a site where a user logs in and a session variable I created is ... > Thanks for any insight as to what may be causing this. ... I would guess that you have your database name stored as a session ... subscriptions, and you were looking for a firstname, you might have ...
    (comp.lang.php)
  • Re: Website Development
    ... I'll absolutely need a database, and a method where the ... user logs in. ... but top posting seems to make sense for some replies. ... > microsoft.public.scripting.jscript "Jonathan Wood" ...
    (microsoft.public.scripting.jscript)