Detecting failed Authorization?


  1. #1
    Join Date
    Dec 1969

    Detecting failed Authorization?

    [VB.NET/ASP.NET]

    I'm trying to get a grasp of using Forms Authentication and I'm getting most everything to work, but I am unable to figure out how to detect if a user is not Authorized to access a certain file or folder. This is how my code works so far:

    - A user tries to access a page that is in a folder that only people in the role of "Monkeys" can access. If the person has not authenticated, he/she is sent to a login form. Once the login information is submitted, the info is compared to data in a database and if the information is valid, the user's Role is set to a cookie called "Roles" for future use... if a user belongs in several roles, the values are separated by ".".

    - The following lines of code are in my Global.asax.vb file to process the Role information to make sure the user has access to the desired file:

    ********
    If Not context.User Is Nothing AndAlso context.User.Identity.IsAuthenticated Then
        'Create a generic identity
        Dim userIdentity As GenericIdentity = New _
            GenericIdentity(context.User.Identity.Name, "Forms")
        'Create a generic principal
        Dim userPrincipal As GenericPrincipal = New _
            GenericPrincipal(userIdentity, _
                context.Request.Cookies("Roles").Value.Split("."))
        'Set the new Principal to the Current User
        context.User = userPrincipal
    End If
    ********

    If the user does not belong to the role of "Monkey" he/she appears to be redirected back to the login screen, but all previous login information is lost... it's almost as if the session is reset. Therefore, I can't figure out how to display a "friendly message" to the user stating that he/she is not authorized to view the file... he/she just sees the login screen again with no warning.

    I'm not sure what other code I should post here. Does anyone know how to detect if Authorization failed or have any suggestions for me?

  2. #2
    Join Date
    Dec 1969

    RE: Detecting failed Authorization?

    I agree that this is one limitation of Forms-based authentication. What I have done for this situation (and it feels like a bit of a hack) is, on the login page, check to see if the user is logged in (User.Identity.Name.Length > 0). If they are, and they're on the login page, I assume that they attempted to access a resource they didn't have permission to, so I display a friendly message.

    hth
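
The login-page check described in reply #2, written out as an added example (not code from either poster). It assumes a code-behind class named `Login` and a label control `lblMessage` declared in Login.aspx, both hypothetical. It also requires the `ReturnUrl` query parameter that Forms Authentication appends when it redirects a denied request, so a signed-in user who simply browses to the login page is not flagged.

```vbnet
' Login.aspx.vb -- added example; class and control names are assumptions.
Imports System
Imports System.Web.UI
Imports System.Web.UI.WebControls

Public Class Login
    Inherits Page

    ' Assumed control: <asp:Label id="lblMessage" runat="server" /> in Login.aspx
    Protected WithEvents lblMessage As Label

    ' Strip CR/LF so a crafted ReturnUrl cannot forge extra log lines.
    Private Function OneLine(ByVal value As String) As String
        Return value.Replace(vbCr, "").Replace(vbLf, "")
    End Function

    Private Sub Page_Load(ByVal sender As Object, ByVal e As EventArgs) _
            Handles MyBase.Load
        If IsPostBack Then Return

        ' Forms Authentication adds ReturnUrl when it redirects a denied request here.
        Dim returnUrl As String = Request.QueryString("ReturnUrl")
        Dim wasRedirected As Boolean = _
            Not returnUrl Is Nothing AndAlso returnUrl.Length > 0

        ' Authenticated AND redirected to the login page means the role check
        ' failed, as opposed to the user never having logged in.
        If Request.IsAuthenticated AndAlso wasRedirected Then
            ' Both values are request-derived, so encode them before rendering.
            lblMessage.Text = "You are signed in as " & _
                Server.HtmlEncode(User.Identity.Name) & _
                ", but this account is not authorized to view " & _
                Server.HtmlEncode(returnUrl) & "."

            ' Record the denial so repeated attempts show up in the trace listeners.
            System.Diagnostics.Trace.WriteLine( _
                "Authorization denied: user=" & OneLine(User.Identity.Name) & _
                " url=" & OneLine(returnUrl) & _
                " ip=" & Request.UserHostAddress)
        End If
    End Sub
End Class
```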
