User Roles Problem

06-03-2013, 07:59 AM

james2k2

Junior Contributor

Join Date: Oct 2002

Posts: 352

User Roles Problem

Hi All,

I'm in the middle of developing a system where the page data is authenticated against the current user before being displayed. Now, this was working and now it's not.

Basically, I have an SQL database where each row contains the Page Data and also what roles have access to that Page Data. The Roles column could have any number of roles or usernames mixed within it per page, for example:

"jsmith,Domain Admins,Web Editors" In this example, only John Smith (jsmith), Domain Administrators and Web Editors are allowed to view the content. SO I created a Function that dealt with this:

Code:

Public Function UserIsInRole(RoleString As String) As Boolean
        'checks to see if a comma delimited string of roles is part of the currently logged in user

        Dim SplitRoles() As String = Strings.Split(RoleString, ",")     'break down the roles to an array
        Dim RoleCount As Integer = 0                                    'set role count to zero

        For Each Role As String In SplitRoles                           'check each role in the array against the user
            If User.IsInRole(Role) Then RoleCount += 1
        Next

        If RoleCount > 0 Then
            Return True
        Else
            Return False
        End If
    End Function

I already realise I've not got the Domain in the check string (for ex. "myDomain\" & Role) but this didn't seem to matter previously.

Also, as you can see above, I'm using the IsInRole to query the Username, and this also used to work, but now returns False. Everything I try returns False except for 'Everyone'. So I now changed my code to include the domain in the role check and this only works for custom roles or non-admin roles. If I produce a role list for the current user, I can confirm that these 'Admin' roles are missing, unless I run IE as an Administrator and then they appear.

Bit of background: ASP.NET 2.0, IIS7, Local Machine Testing (localhost). I'm using ASP.NET 2.0 as I intend to eventually run it on a Win2k3 server that's only got 2.0 installed.

Any ideas?

Many thanks,
James

__________________
I don't have a signature

06-03-2013, 08:43 AM

DrPunk

Senior Contributor

* Expert *

Join Date: Apr 2003

Location: Never where I want to be

Posts: 1,403

The code run in User.IsInRole seems to be the important part. If that returned True when it should then everything should work.

That's probably the code we need to look at.

Edit :- Apologies for not realising that User.IsInRole is not your own code. Just looking up about it now. I'll hopefully be back in a bit.

__________________
There are no computers in heaven!

Last edited by DrPunk; 06-03-2013 at 08:49 AM.

06-03-2013, 08:55 AM

james2k2

Junior Contributor

Join Date: Oct 2002

Posts: 352

Yeah, you are spot on. I've just been testing my code using fully qualified tests (i.e. "myDomain\Group") and my function is working fine to that respect. So ultimately, my goal is to get the User.IsInRole returning True as it was doing. My web.config is as follows:

Code:

<?xml version="1.0" encoding="UTF-8"?>
<configuration>
  <system.web>
    <compilation debug="true">
      <assemblies>
        <add assembly="System.DirectoryServices, Version=2.0.0.0, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A" />
      </assemblies>
    </compilation>
    <pages />
    <roleManager defaultProvider="AspNetWindowsTokenRoleProvider" enabled="true" />
        <identity impersonate="false" />
  </system.web>
  <!-- Start Force IE in Standards Mode -->
  <system.webServer>
    <httpProtocol>
      <customHeaders>
        <clear />
        <add name="X-UA-Compatible" value="IE=edge" />
      </customHeaders>
    </httpProtocol>
        <caching enabled="false" enableKernelCache="false" />
        <staticContent>
            <clientCache cacheControlMode="NoControl" />
        </staticContent>
        <defaultDocument>
            <files>
                <clear />
                <add value="default.aspx" />
                <add value="Default.htm" />
                <add value="Default.asp" />
                <add value="index.htm" />
                <add value="index.html" />
                <add value="iisstart.htm" />
            </files>
        </defaultDocument>
  </system.webServer>
  <!-- End Force IE in Standards Mode -->
</configuration>

Please forgive me too, I'm actually using IIS7.5.

__________________
I don't have a signature

Last edited by james2k2; 06-03-2013 at 09:03 AM.

06-03-2013, 10:00 AM

james2k2

Junior Contributor

Join Date: Oct 2002

Posts: 352

Just an update really. The code below is my modified function that will do the aforementioned checking properly. A side note would be that this forces a check against the Domain specified, whereas the way it was working previously would mean it could potentially match builtin or any domain (security issue). I'm not sure if this is exactly a solid solution so any input would be great. Many thanks

Code:

    Public Function UserIsInRole(RoleString As String, Optional NetDomain As String = "") As Boolean
        'checks to see if a comma delimited string of roles is part of the currently logged in user

        Dim SplitRoles() As String = Strings.Split(RoleString, ",")         'break down the roles to an array
        Dim RoleCount As Integer = 0                                        'set role count to zero

        If NetDomain <> "" Then NetDomain &= "\"

        For Each Role As String In SplitRoles                               'check each role in the array against the user
            If User.IsInRole(NetDomain & Role) Then RoleCount += 1
            If User.Identity.Name = NetDomain & Role Then RoleCount += 1
        Next


        If RoleCount > 0 Then                                               'return true if the user was found to match any roles supplied
            Return True
        Else
            Return False
        End If
    End Function

__________________
I don't have a signature