Xtreme Visual Basic Talk


james2k2 06-03-2013 08:59 AM

User Roles Problem
 
Hi All,

I'm in the middle of developing a system where the page data is authenticated against the current user before being displayed. Now, this was working and now it's not.

Basically, I have an SQL database where each row contains the Page Data and also what roles have access to that Page Data. The Roles column could have any number of roles or usernames mixed within it per page, for example:

"jsmith,Domain Admins,Web Editors"

In this example, only John Smith (jsmith), Domain Administrators and Web Editors are allowed to view the content. So I created a function that dealt with this:

Code:

    Public Function UserIsInRole(RoleString As String) As Boolean
        'checks to see if a comma delimited string of roles is part of the currently logged in user

        Dim SplitRoles() As String = Strings.Split(RoleString, ",")    'break down the roles to an array
        Dim RoleCount As Integer = 0                                    'set role count to zero

        For Each Role As String In SplitRoles                          'check each role in the array against the user
            If User.IsInRole(Role) Then RoleCount += 1
        Next

        If RoleCount > 0 Then
            Return True
        Else
            Return False
        End If
    End Function

I already realise I've not got the Domain in the check string (for ex. "myDomain\" & Role) but this didn't seem to matter previously.

Also, as you can see above, I'm using the IsInRole to query the Username, and this also used to work, but now returns False. Everything I try returns False except for 'Everyone'. So I now changed my code to include the domain in the role check and this only works for custom roles or non-admin roles. If I produce a role list for the current user, I can confirm that these 'Admin' roles are missing, unless I run IE as an Administrator and then they appear.

Bit of background: ASP.NET 2.0, IIS7, Local Machine Testing (localhost). I'm using ASP.NET 2.0 as I intend to eventually run it on a Win2k3 server that's only got 2.0 installed.

Any ideas?

Many thanks,
James

DrPunk 06-03-2013 09:43 AM

The code run in User.IsInRole seems to be the important part. If that returned True when it should then everything should work.

That's probably the code we need to look at.

Edit :- Apologies for not realising that User.IsInRole is not your own code. Just looking up about it now. I'll hopefully be back in a bit.

james2k2 06-03-2013 09:55 AM

Yeah, you are spot on. I've just been testing my code using fully qualified tests (i.e. "myDomain\Group") and my function is working fine in that respect. So ultimately, my goal is to get the User.IsInRole returning True as it was doing. My web.config is as follows:

Code:

<?xml version="1.0" encoding="UTF-8"?>
<configuration>
  <system.web>
    <compilation debug="true">
      <assemblies>
        <add assembly="System.DirectoryServices, Version=2.0.0.0, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A" />
      </assemblies>
    </compilation>
    <pages />
    <roleManager defaultProvider="AspNetWindowsTokenRoleProvider" enabled="true" />
    <identity impersonate="false" />
  </system.web>
  <!-- Start Force IE in Standards Mode -->
  <system.webServer>
    <httpProtocol>
      <customHeaders>
        <clear />
        <add name="X-UA-Compatible" value="IE=edge" />
      </customHeaders>
    </httpProtocol>
    <caching enabled="false" enableKernelCache="false" />
    <staticContent>
      <clientCache cacheControlMode="NoControl" />
    </staticContent>
    <defaultDocument>
      <files>
        <clear />
        <add value="default.aspx" />
        <add value="Default.htm" />
        <add value="Default.asp" />
        <add value="index.htm" />
        <add value="index.html" />
        <add value="iisstart.htm" />
      </files>
    </defaultDocument>
  </system.webServer>
  <!-- End Force IE in Standards Mode -->
</configuration>

Please forgive me too, I'm actually using IIS7.5.

james2k2 06-03-2013 11:00 AM

Just an update really. The code below is my modified function that will do the aforementioned checking properly. A side note would be that this forces a check against the Domain specified, whereas the way it was working previously would mean it could potentially match builtin or any domain (security issue). I'm not sure if this is exactly a solid solution so any input would be great. Many thanks :)

Code:

    Public Function UserIsInRole(RoleString As String, Optional NetDomain As String = "") As Boolean
        'checks to see if a comma delimited string of roles is part of the currently logged in user

        Dim SplitRoles() As String = Strings.Split(RoleString, ",")        'break down the roles to an array
        Dim RoleCount As Integer = 0                                        'set role count to zero

        If NetDomain <> "" Then NetDomain &= "\"

        For Each Role As String In SplitRoles                              'check each role in the array against the user
            If User.IsInRole(NetDomain & Role) Then RoleCount += 1
            If User.Identity.Name = NetDomain & Role Then RoleCount += 1
        Next


        If RoleCount > 0 Then                                              'return true if the user was found to match any roles supplied
            Return True
        Else
            Return False
        End If
    End Function
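
Added example, not part of the original thread and not the poster's code: a stand-alone variant of the domain-qualified check above that trims each entry, compares the user name case-insensitively and denies access when no domain is supplied. `IsAllowed`, the `RoleCheckExample` module and the `MYDOMAIN` sample principal are assumptions made for illustration; a `GenericPrincipal` stands in for the page's `User` so the code runs outside IIS.

```vbnet
Imports System
Imports System.Security.Principal

Module RoleCheckExample
    ' Returns True when the principal matches any entry of a comma-delimited
    ' access list. Every entry is qualified with the supplied domain, so an
    ' unqualified name cannot match a built-in or other-domain group.
    Public Function IsAllowed(user As IPrincipal, accessList As String, netDomain As String) As Boolean
        If user Is Nothing OrElse Not user.Identity.IsAuthenticated Then Return False
        ' Fail closed: no domain or no list means no access.
        If String.IsNullOrEmpty(netDomain) OrElse String.IsNullOrEmpty(accessList) Then Return False

        For Each entry As String In accessList.Split(","c)
            Dim name As String = entry.Trim()
            ' Skip blank entries and entries that already carry a domain prefix.
            If name.Length = 0 OrElse name.Contains("\") Then Continue For
            Dim qualified As String = netDomain & "\" & name

            ' Windows account names are case-insensitive; VB's "=" operator is
            ' case-sensitive under the default Option Compare Binary.
            If String.Equals(user.Identity.Name, qualified, StringComparison.OrdinalIgnoreCase) Then Return True
            If user.IsInRole(qualified) Then Return True
        Next
        Return False
    End Function

    Sub Main()
        ' Constructed sample principal (hypothetical names, not from the thread).
        Dim id As New GenericIdentity("MYDOMAIN\jsmith", "Negotiate")
        Dim user As New GenericPrincipal(id, New String() {"MYDOMAIN\Web Editors"})

        ' Matches on the user name despite the different domain casing.
        Console.WriteLine(IsAllowed(user, "jsmith,Domain Admins", "mydomain"))
        ' Matches on group membership; note the space after the comma.
        Console.WriteLine(IsAllowed(user, "bjones, Web Editors", "MYDOMAIN"))
        ' No entry matches this principal.
        Console.WriteLine(IsAllowed(user, "Domain Admins", "MYDOMAIN"))
        ' Empty domain: denied rather than checked unqualified.
        Console.WriteLine(IsAllowed(user, "Web Editors", ""))
    End Sub
End Module
```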


