Forms Authentication and Role based Authorization: A Quicker, Simpler, and Correct Approach
https://www.codeproject.com/Articles/36836/Forms-Authentication-and-Role-based-Authorization
Problem Space
Sad, but true, “Forms authentication in ASP.NET does not directly support role based authorization”. If you have ended up implementing Forms authentication along with configuring authorization rules for “users” and “roles” in the web.config, you are going to see the access rules working fine for “users”, but not working at all for “roles”. You might have thought there must be some way to specify user roles in the famous FormsAuthentication.RedirectFromLoginPage(), or any other method. But, there isn't!
Background
This is really surprising because, in real life, most applications (if not all) actually require authorization of system resources based upon user roles, not user names. So, if you are going to use Forms authentication in your upcoming ASP.NET application, and you need to implement role based authorization in your system, you have a problem.
Wait, this is not entirely true, because of two reasons:
Reason 1: Since ASP.NET 2.0, we have Membership. It includes Membership (User) service, Role service, and Profile (User properties) service. And, using Membership, you can easily implement Role based authorization in your ASP.NET application.
Reason 2: Even if you don't use Membership, you can write some code to implement Role based authorization in Forms authentication. Basically, you need to create the authentication ticket yourself and push the user roles in the “UserData” property after authenticating the user. Also, you need to retrieve user roles from the same “UserData” property in the authentication ticket and set it in the current User property in the subsequent requests. This trick works, and many have done this already.
So, What is this Article About?
Well, this article assumes that you did use Forms authentication directly instead of ASP.NET Membership in your application for some good reasons. Consequently, you implemented Role based authorization as suggested by lots of articles on the web (like this one). But I tell you, you probably ended up doing an incorrect and incomplete implementation, and you might have problems in the near future.
This article is going to address the problems with the suggested implementation approaches, and provide you a correct, smart, and quick way of implementing Role based authorization in case you are not using ASP.NET Membership in your system. All you'll need is 5 minutes to implement this!
Please take a look at this article before you proceed, in case you are new to ASP.NET and wondering about Forms Authentication.