I've been looking at implementing a custom SQL Server-based membership provider and one of my problems is that the membershipUserObject is keyed on a GUID. Since I'm using an existing ID as a key to roles and user data, this presents an interesting problem. I'd like your opinion on which option -- or whether there's another option I ha...
I want to make the roles default for my controller class to "Administrators, Content Editors" [Authorize(Roles = "Administrators, Content Editor")] I've done this by adorning the controller with the attribute above. However, there is one action that I want to be available to all (namely "View"). How can I reset the Roles so that ever...
I come from an ASP.NET background and find the entire roles based authorization scheme limiting to say the least. I've read about Microsoft's new Identity Model and the Geneva Framework with its Claims based architecture but it seems overly complex. In general, I'd like to know more about possible authorization architectures to find out...
I tried to convert this VB.NET sample here http://www.theproblemsolver.nl/usingthemembershipproviderinwinforms.htm without any success, can anyone know an example ? Thanks ...
Here's a question that I'm sure almost every one of you have come across in your careers unless you are still working for the first company you ever worked for. In IT, most job descriptions seem to be made up. A Senior Systems Analyst at company A seems to do something very different from that same Senior Systems Analyst at company B. ...
I have a system for students, instructors, and administrators. Sometimes an instructor can also be an administrator. I intend to store menus and submenus in XML. Should I store admin and instructor menus in separate nodes, and then combine them when I render, or should I have one master menu with roles attached that shows all the option...
I need to make decisions in a JSP based on the user's roles. Is there a tag or EL expression that lets me do that? ...
We have a Struts 2 web application that's used by pretty much every employee to manage and configure jobs for our server farm. We're working on a plan to make a dashboard for customers, so they can see their own jobs, and a very simple display of its status ("in process", "ready for proofing", "finished", etc). All of the pages the cus...
Hello, According to my book, if role management is enabled, then RoleManagerModule creates the security context of the user by assigning RolePrincipal object to the HttpRequest.User. But isn’t security context already created ( thus principal object being assigned to HttpContext.User ) by FormsAuthenticationModule, which is called pr...
Very simple question actually: I currently have IIS anonymous access disabled, users are automatically logged on using their Windows login. However calling User.IsInRole("Role name") returns false. I double-checked User.Identity.Name() and the "Role name" and it should return true. I currently have this in my Web.Config: UPDATE I was ...
Hello, According to my book, if role management is enabled, then RoleManagerModule creates the security context of the user by assigning RolePrincipal object to the HttpRequest.User. But isn’t security context already created ( thus principal object being assigned to HttpContext.User ) by FormsAuthenticationModule, which is called pr...
I am looking for a good role based authorization solution to use alongside Authlogic. Anyone have any good suggestions? Please list some pros and cons from your experience if possible please. ...
Hello, I know how to create users and assign them to roles etc, but when I tried to dig a bit deeper into how roles and membership tables are able to establish a relationship between each other, I got totally lost ( BTW – I do know how foreign/primary keys work ;) ) BTW - I've created tables in databases using aspnet_sqlreg wizard ...
How do you implement Roles and Security in your C# Domain Driven Designs? We have some debate raging on wether it should be implemented by the calling application (ASP.NET MVC) or in the Domain Model itself (model entities and services). Some argue that it should be in the web site itself since that's where the authentication already exi...
Hello, Q1 Book says that we can choose to share profile information between web application by having profile providers use the same ApplicationName value. But would it also be ok for applications to share roles, or would that represent a security risk? Q2 If ProfileManager.AutomaticSaveEnabled is set to True, then when change is ...
I've already separated the authentication bit out of my controllers, but I'm still forced to assign permissions and roles in my controller actions and service classes. Lets say that a user is creating a blog entry or something like that and the system will assign the user a permission giving him the right to do what ever he (or she) wa...
Hello, In IIS7, I click on .NET Roles and I see a list of my Roles, but when I click a Role, no Users show up, the page is blank. I have added the users to the role and it does show the correct count next to the role name. Is these somehting I am missing? Does anyone else share this problem? Is this a bug? Thank for any help! ...
Hi Folks, I'm using OpenId in my ASP.NET MVC application. Works great :) Once i have the user's OpenId Identifier (once they have authenticated and returned to my site), i load up the users data (to get display name, etc). From here, i also know their roles. I'm not sure how to assign the role to the current Forms.Identity. here's my...
Hi folks, I wish to lock out access to a user's EDIT page (eg. /user/pure.krome/edit) if a) Identity.IsAuthenticated = false or they are authenticated but b) Idenitity.Name != user name of the user page they are trying to edit c) Identity.UserType() != UserType.Administrator // This is like a Role, without using RoleProviders. I'm ...
I'm trying to get a sense of how to implement the user/role relationships for an application I'm writing. The persistence layer is Google App Engine's datastore, which places some interesting (but generally beneficial) constraints on what can be done. Any thoughts are appreciated. It might be helpful to keep things very concrete. I wo...