Geeks With Blogs

David Madden Mastering the craft one mountain at a time.

I find myself on an assignment where I could not use System.Web.Security.Roles.  That meant that I could not use Visual Studio's Website | ASP.NET Configuration.  I had to go about things another way.  The clues were in these two websites:

You can set in your web.config the restrictions on folders without having to set the restrictions in multiple folders through their own web.config file.  In my main default.aspx file in my protected subfolder off my main site, I did the following code due to MultiFormAuthentication (MFA) providing the security to this point:

        string role = string.Empty;
        if (((Login)Session["Login"]).UserLevelID > 3)
            role = "PowerUser";
            role = "Newbie";
        FormsAuthenticationTicket ticket = 
new FormsAuthenticationTicket(
1,                 ((Login)Session["Login"]).UserID,                 DateTime.Now,                 DateTime.Now.AddMinutes(20),                 false,                 role,                 FormsAuthentication.FormsCookiePath);
        string hashCookies = FormsAuthentication.Encrypt(ticket);
        HttpCookie cookie = 
new HttpCookie(FormsAuthentication.FormsCookieName, hashCookies);         Response.Cookies.Add(cookie);

This all gave me the ability to change restrictions on folders without having to restart the website or having to do any hard coding.

Posted on Friday, May 25, 2012 4:08 PM | Back to top

Comments on this post: Controlling access to site folders if you cannot use Roles

No comments posted yet.
Your comment:
 (will show your gravatar)

Copyright © DavidMadden | Powered by: