Bala's Code gallery: Role Management using cookies

UPDATED RELEASE: Blaze Security Release v1.0 (Feb 14, 2008)

Thu, 14 Feb 2008 10:14:54 GMT

How to Use:

1. Download the dll and add the reference to your website.

2. Validate the user credentials and if succesful create the cookie using

+Blaze.Security.FormsSecurity.SetAuthenticationCookie(string username, double expiration, bool isPersistent, string roles)+
(The roles of the user can be mentioned in the fourth parameter separated by ',').

3. Add the Global Application Class file (Global.asax) to your website.

4. Copy and paste the following code into the Global.asax.

void Application_AuthenticateRequest(object sender, EventArgs e)
{
// Code that runs on application authenticate event.
Blaze.Security.FormsSecurity.InsertPrincipal();

}

5. Add entries to your web.config just as you would while using normal forms authentication
<configuration>
<system.web>
.......
<authentication mode="Forms">
<forms loginUrl=" ....."></forms>
</authentication>
......
</system.web>
<location path="....path...">
<system.web>
<authorization>
<allow roles="....Roles separated by coma....."/>
<deny users="*"/>
</authorization>
</system.web>
</location>
</configuration>

CREATED RELEASE: Blaze Security Release v1.0 (Feb 14, 2008)

Thu, 14 Feb 2008 10:12:57 GMT

How to Use:

1. Download the dll and add the reference to your website.
2. Validate the user credentials and if succesful create the cookie using

+Blaze.Security.FormsSecurity.SetAuthenticationCookie(string username, double expiration, bool isPersistent, string roles)+
(The roles of the user can be mentioned in the fourth parameter separated by ',').
3. Add the Global Application Class file (Global.asax) to your website.
4. Copy and paste the following code into the Global.asax.

void Application_AuthenticateRequest(object sender, EventArgs e)
{
// Code that runs on application authenticate event.
Blaze.Security.FormsSecurity.InsertPrincipal();

}
5. Add entries to your web.config just as you would while using normal forms authentication
<configuration>
<system.web>
.......
<authentication mode="Forms">
<forms loginUrl=" ....."></forms>
</authentication>
......
</system.web>
<location path="....path...">
<system.web>
<authorization>
<allow roles="....Roles separated by coma....."/>
<deny users="*"/>
</authorization>
</system.web>
</location>
</configuration>

UPDATED WIKI: Home

nbalagopal — Thu, 14 Feb 2008 09:52:03 GMT

Implementing forms authentication in an ASP.NET is quite easy using cookies. A few entries in the web.config and a few lines of code and you're done.
The problem hits you when you need to handle roles using the same mechanism.

The SetAuthCookie and RedirectFromLoginPage methods provided by the forms authentication class do not provide a means to store additional user information in the cookie except for the username.

The solution provided here allows you to leverage the capability of cookies to store other user data where in you can store the roles of the user separated by coma.

UPDATED WIKI: Home

nbalagopal — Tue, 12 Feb 2008 10:28:48 GMT

Making role management in ASP.NET forms authentication easier.

Implementing forms authentication in an ASP.NET is quite easy using cookies. A few entries in the web.config and a few lines of code and you're done.
The problem hits you when you need to handle roles using the same mechanism.