Advertisement
If you have a new account but are having problems posting or verifying your account, please email us on hello@boards.ie for help. Thanks :)
Hello all! Please ensure that you are posting a new thread or question in the appropriate forum. The Feedback forum is overwhelmed with questions that are having to be moved elsewhere. If you need help to verify your account contact hello@boards.ie
Hi there,
There is an issue with role permissions that is being worked on at the moment.
If you are having trouble with access or permissions on regional forums please post here to get access: https://www.boards.ie/discussion/2058365403/you-do-not-have-permission-for-that#latest

Setting HttpContext.Current.User

  • 24-07-2009 7:01pm
    #1
    Registered Users, Registered Users 2 Posts: 4,114 ✭✭✭


    I have an ASP.NET site and I am logging in users without using the ASP.NET login control. I can assign them to roles once they login.
    See example code below:
     string[] roles = {"Admin"};
          
            System.Security.Principal.GenericIdentity curIdentity = null;
            System.Security.Principal.GenericPrincipal curPrincipal = null;
                curIdentity = new System.Security.Principal.GenericIdentity(userName);
                curPrincipal = new System.Security.Principal.GenericPrincipal(curIdentity, roles);
                HttpContext.Current.User = curPrincipal;
    
     if (HttpContext.Current.User.IsInRole("Admin"))
               {
                System.Windows.Forms.MessageBox.Show("This user is in admin role");
               }
    
    
    The user is in the role I want them to be but the settings I have placed in my Web.config file are not being picked up.

    Web.config section below:
    
     <location path="Page1.aspx">
        <system.web>
          <authorization>
          <deny roles="Admin">        
          </deny>       
          </authorization>
        </system.web>    
      </location>
    

    The "Page1.aspx" file should not be accessible to a user in the Admin role but it is. This is because the "HttpContext.Current.User" is not being recognised outside of the page it is in. How can I change this? I've seen some code on the web that might fix it but it looks a right nightmare.


Comments

Advertisement