tags:

views:

553

answers:

3
+4  Q: 

Simple role authentication in asp.net

I want to do a simple role authentication in .NET - but am lost in the profusion of apis...

I would like to have a web.config per directory with role access like:

<authorization>
    <allow roles="admin"/>
    <deny users="*"/>
</authorization>

And in my login page, where I do FormsAuthentication.RedirectFromLoginPage I want to specify the role of the logged in user (admin, user, etc...) I have no need for the RoleManagementProviders and the overkilled feature (in my case) of RoleManagement.

What API do I need to user to just specify the role of a user?

Thanks

A: 

Personally if you are going to use the role management, and user functionality already presented in ASP.NET why try to hack together a solution that down the road will limit your ability to expand.

Working with the default functionality for role assignment is easy, and you don't have to worry about the proper creation of the identity information for the user.

Mitchel Sellers  2008-11-28 18:54:32
I can not use the default functionality, as I dont have a SQL where I can create all teh tables needed by the role membership. I need to find an alternate way.
LeJeune  2008-11-29 00:10:12
+4  A: 

Here is a link on a very simple Forms Authentication implementation with roles. I believe this is the most basic Forms Authentication implementation: http://www.codeproject.com/KB/web-security/formsroleauth.aspx

Here is one on the membership provider: http://www.asp.net/learn/moving-to-asp.net-2.0/module-08.aspx You might have to search for additional tutorials to get a clear idea on how to customize it.

I prefer the membership provider because it allows you to override the defaults and supply your own datastore and methods used for the different authentication actions. I find it to be easier than using the basic implementation.

metanaito  2008-11-28 20:09:36
Thanks. THis is good info.
LeJeune  2008-11-29 06:11:08
A: 

Note that to use the role provider model you do not have to use a database and a schema, there are simpler options. You might be interested in using the Authorization Manager (a free download from Microsoft) which lets you add a role provider to an ASP.NET application and configure the roles and permissions using their tool (an MMC snap-in accessed through Administrative Tools).

How To: Use Authorization Manager with ASP.NET 2.0

The configuration exposed by the tool gets stored into an xml file which is referenced in the applications web.config:

<connectionStrings>
  <add name="LocalPolicyStore" connectionString="msxml://C:/AzManStore.xml"/>
</connectionStrings>

Which can then be referenced when you configure the application to use the Authorization Manager role provider:

<roleManager enabled="true" defaultProvider="RoleManagerAzManProvider">
  <providers>
    <add name="RoleManagerAzManProvider"
         type="System.Web.Security.AuthorizationStoreRoleProvider, System.Web, Version=2.0.0.0, Culture=neutral, publicKeyToken=b03f5f7f11d50a3a"
         applicationName="MyApp"
         connectionStringName="LocalPolicyStore"/>
  </providers>
</roleManager>
J c  2008-12-12 14:02:34

related questions

Is it better to create Model classes, or just stick with generic database utility class?
What are effective options for embedding video in an ASP.NET web site?
Visual Studio 2008 debugger already attached work-around
Tracking state using ASP.NET AJAX / ICallbackEventHandler
ASP.NET Display SVN Revision Number
ASP.NET URL Rewriting
How can I change the background of a masterpage from the code behind of a content page?
Easy way to AJAX WebControls
How do I define custom web.config sections with potential child elements and attributes for the properties?
ASP.NET MVC "CRUD" Database Sample
Are Multiple DataContext classes ever appropriate?
How to RedirectToAction in ASP.NET MVC without losing request data
Triple Quotes? How do I delimit a databound Javascript string parameter in ASP.NET?
ASP.NET built in user profile, Vs old stile user class/tables
What's a good book for learning ASP?
Bandwith throttling in IIS 6 by IP Address
ASP .Net Custom Client-Side Validation
How to get the value of built, encoded ViewState?
Decent, simple, GIS/mapping component for ASP.NET?
Checklist for IIS 6/ASP.NET Windows Authentication?
How to write to Web.Config in Medium Trust ?
ASP.NET, Visual Studio and Subversion - how to integrate?
Floating Point Number parsing: Is there a Catch All algorithm?
How do I sync the SVN revision number with my ASP.NET web site?
ASP.NET Site Maps