https://www.codeproject.com/Articles/36836/Forms-Authentication-and-Role-based-Authorization

Problem Space

Sad, but true, “Forms authentication in ASP.NET does not directly support role based authorization”. If you have ended up implementing Forms authentication along with configuring authorization rules for “users” and “roles” in the web.config, you are going to see the access rules working fine for “users”, but, not working at all for “roles”. You might have thought, there must be some way to specify user roles in the famous FormsAuthentication.RedirectFromLoginPage(), or, any other method. But, there isn't!

Background

This is really surprising because, in real life, most applications (if not all) actually require authorization of system resources based upon user roles, not user names. So, if you are going to use Forms authentication in your upcoming ASP.NET application, and you need to implement role based authorization in your system, you have a problem.

Wait, this is not entirely true, because of two reasons:

Reason 1: Since ASP.NET 2.0, we have Membership. It includes Membership (User) service, Role service, and Profile (User properties) service. And, using Membership, you can easily implement Role based authorization in your ASP.NET application.

Reason 2: Even if you don't use Membership, you can write some code to implement Role based authorization in Forms authentication. Basically, you need to create the authentication ticket yourself and push the user roles in the “UserData” property after authenticating the user. Also, you need to retrieve user roles from the same “UserData” property in the authentication ticket and set it in the current User property in the subsequent requests. This trick works, and many have done this already.

So, What is this Article About?

Well, this article assumes that you did use Forms authentication directly instead of ASP.NET Membership in your application for some good reasons. Consequently, you implemented Role based authorization as suggested by lots of articles on the web (like this one). But I tell you, you probably ended up doing an incorrect and incomplete implementation, and you might have problems in the near future.

This article is going to address the problems with the suggested implementation approaches, and provide you a correct, smart, and quick way of implementing Role based authorization in case you are not using ASP.NET Membership in your system. All you'll need is 5 minutes to implement this!

Please take a look at this article before you proceed, in case you are new to ASP.NET and wondering about Forms Authentication.

Forms Authentication and Role based Authorization: A Quicker, Simpler, and Correct Approach的更多相关文章

  1. forms authentication原理

    细说ASP.NET Forms身份认证 asp.net 登陆验证 Form表单验证的3种方式 Understanding and Implementing ASP.NET Custom Forms A ...

  2. Forms Authentication in ASP.NET MVC 4

    原文:Forms Authentication in ASP.NET MVC 4 Contents: Introduction Implement a custom membership provid ...

  3. Azure ARM (16) 基于角色的访问控制 (Role Based Access Control, RBAC) - 使用默认的Role

    <Windows Azure Platform 系列文章目录> 今天上午刚刚和客户沟通过,趁热打铁写一篇Blog. 熟悉Microsoft Azure平台的读者都知道,在老的Classic ...

  4. An Overview of Forms Authentication (C#)

    https://docs.microsoft.com/en-us/aspnet/web-forms/overview/older-versions-security/introduction/an-o ...

  5. SSRS 2016 Forms Authentication

    SSRS 2016 comes with completely new report manager web interface and implementing form authenticatio ...

  6. How does ASP.NET Forms Authentication really work?

    I've always wondered how exactly ASP.NET forms authentication works. Yes, I know how to configure Fo ...

  7. Nancy之Forms authentication的简单使用

    一.前言 想必大家或多或少都听过微软推出的ASP.NET Identity技术,可以简单的认为就是一种授权的实现 很巧的是,Nancy中也有与之相类似的技术Authentication,这两者之间都用 ...

  8. Nancy 学习-身份认证(Forms authentication) 继续跨平台

    开源 示例代码:https://github.com/linezero/NancyDemo 上篇讲解Nancy的Basic Authentication,现在来学习Nancy 的Forms身份认证. ...

  9. ASP.NET 4.0 forms authentication issues with IE11

    As I mentioned earlier, solutions that rely on User-Agent sniffing may break, when a new browser or ...

随机推荐

  1. java 3大特性

    1. 封装 : 定义: 封装是把过程和数据包围起来,对数据的访问只能通过已定义的接口. 作用: 封装通过对属性增加修饰符来控制数据的访问权限,定义数据的访问接口,增加了数据的隐秘性和安全性. 2.继承 ...

  2. Web处理方式

    ProcessRequest 方法简称 PR方法 PR方法内部调用Page_Load方法   MVC设计模式 Model是指要处理的业务代码和数据操作代码 View视图主要是指的跟用户打交道并能够展示 ...

  3. CSS实例:图片导航块

    1.认识CSS的 盒子模型. 2.CSS选择器的灵活使用. 3.实例: a.图片文字用div等元素布局形成HTML文件. b.新建相应CSS文件,并link到html文件中. c.CSS文件中定义样式 ...

  4. jdk和jre区别

  5. 财务自由VS精神自由

    财务自由 财务自由,在物质层面改善人的生活.它使人不愁生计.住更宽敞明亮的房间,穿锦衣绸缎,自由自在地游玩,做自己想做的事儿.可是,这就是它的能力所及了.钱无法改变人的品味.审美和人格.它也无法告诉人 ...

  6. ODBC数据库

    ODBC数据源全称是开放数据库互连(Open Database Connectivity),在微软公司开放的数据库结构中的一部分,其实是一个应用程序的接口,主要用于提供数据库的编写应用程序的能力.

  7. numpy数学数据处理

    数学和统计方法 sum 对数组中全部或某轴向的元素求和.零长度的数组的sum为0. mean 算术平均数.零长度的数组的mean为NaN. import numpy as np import nump ...

  8. USB接口案例——多态和转型

    其中,为传递和使用的匿名对象,即创建了对象,但是没有引用类和对象名来接收: 电脑类中的操作usb的成员方法中,要向下转型,毛主席讲的具体问题具体分析,不同的设备有不同的操作:

  9. flask 处理表单数据

    处理表单数据 表单数据的处理涉及很多内容,从获取数据到保存数据大致有以下步骤: 1.  解析请求,获取表单数据 2.  对数据进行必要的转换,比如讲勾选框的值转换成python的布尔值 3.  验证数 ...

  10. flask 在模板中渲染表单

    在模板中渲染表单 为了能够在模板中渲染表单,我们需要把表单类实例传入模板.首先在视图函数里实例化表单类LoginForm,然后再render_template()函数中使用关键脑子参数form将表单实 ...