I'm in the middle of developing a system where the page data is authenticated against the current user before being displayed. Now, this was working and now it's not.
Basically, I have an SQL database where each row contains the Page Data and also what roles have access to that Page Data. The Roles column could have any number of roles or usernames mixed within it per page, for example:
"jsmith,Domain Admins,Web Editors" In this example, only John Smith (jsmith), Domain Administrators and Web Editors are allowed to view the content. SO I created a Function that dealt with this:
Public Function UserIsInRole(RoleString As String) As Boolean
'checks to see if a comma delimited string of roles is part of the currently logged in user
Dim SplitRoles() As String = Strings.Split(RoleString, ",") 'break down the roles to an array
Dim RoleCount As Integer = 0 'set role count to zero
For Each Role As String In SplitRoles 'check each role in the array against the user
If User.IsInRole(Role) Then RoleCount += 1
If RoleCount > 0 Then
I already realise I've not got the Domain in the check string (for ex. "myDomain\" & Role) but this didn't seem to matter previously.
Also, as you can see above, I'm using the IsInRole to query the Username, and this also used to work, but now returns False. Everything I try returns False except for 'Everyone'. So I now changed my code to include the domain in the role check and this only works for custom roles or non-admin roles. If I produce a role list for the current user, I can confirm that these 'Admin' roles are missing, unless I run IE as an Administrator and then they appear.
Bit of background: ASP.NET 2.0, IIS7, Local Machine Testing (localhost). I'm using ASP.NET 2.0 as I intend to eventually run it on a Win2k3 server that's only got 2.0 installed.