Forms Authentication and Role based Authorization: A Quicker, Simpler, and Correct Approach
https://www.codeproject.com/Articles/36836/Forms-Authentication-and-Role-based-Authorization
Problem Space
Sad, but true, “Forms authentication in ASP.NET does not directly support role based authorization”. If you have ended up implementing Forms authentication along with configuring authorization rules for “users” and “roles” in the web.config, you are going to see the access rules working fine for “users”, but, not working at all for “roles”. You might have thought, there must be some way to specify user roles in the famous FormsAuthentication.RedirectFromLoginPage()
, or, any other method. But, there isn't!
Background
This is really surprising because, in real life, most applications (if not all) actually require authorization of system resources based upon user roles, not user names. So, if you are going to use Forms authentication in your upcoming ASP.NET application, and you need to implement role based authorization in your system, you have a problem.
Wait, this is not entirely true, because of two reasons:
Reason 1: Since ASP.NET 2.0, we have Membership. It includes Membership (User) service, Role service, and Profile (User properties) service. And, using Membership, you can easily implement Role based authorization in your ASP.NET application.
Reason 2: Even if you don't use Membership, you can write some code to implement Role based authorization in Forms authentication. Basically, you need to create the authentication ticket yourself and push the user roles in the “UserData
” property after authenticating the user. Also, you need to retrieve user roles from the same “UserData
” property in the authentication ticket and set it in the current User
property in the subsequent requests. This trick works, and many have done this already.
So, What is this Article About?
Well, this article assumes that you did use Forms authentication directly instead of ASP.NET Membership in your application for some good reasons. Consequently, you implemented Role based authorization as suggested by lots of articles on the web (like this one). But I tell you, you probably ended up doing an incorrect and incomplete implementation, and you might have problems in the near future.
This article is going to address the problems with the suggested implementation approaches, and provide you a correct, smart, and quick way of implementing Role based authorization in case you are not using ASP.NET Membership in your system. All you'll need is 5 minutes to implement this!
Please take a look at this article before you proceed, in case you are new to ASP.NET and wondering about Forms Authentication.
Forms Authentication and Role based Authorization: A Quicker, Simpler, and Correct Approach的更多相关文章
- forms authentication原理
细说ASP.NET Forms身份认证 asp.net 登陆验证 Form表单验证的3种方式 Understanding and Implementing ASP.NET Custom Forms A ...
- Forms Authentication in ASP.NET MVC 4
原文:Forms Authentication in ASP.NET MVC 4 Contents: Introduction Implement a custom membership provid ...
- Azure ARM (16) 基于角色的访问控制 (Role Based Access Control, RBAC) - 使用默认的Role
<Windows Azure Platform 系列文章目录> 今天上午刚刚和客户沟通过,趁热打铁写一篇Blog. 熟悉Microsoft Azure平台的读者都知道,在老的Classic ...
- An Overview of Forms Authentication (C#)
https://docs.microsoft.com/en-us/aspnet/web-forms/overview/older-versions-security/introduction/an-o ...
- SSRS 2016 Forms Authentication
SSRS 2016 comes with completely new report manager web interface and implementing form authenticatio ...
- How does ASP.NET Forms Authentication really work?
I've always wondered how exactly ASP.NET forms authentication works. Yes, I know how to configure Fo ...
- Nancy之Forms authentication的简单使用
一.前言 想必大家或多或少都听过微软推出的ASP.NET Identity技术,可以简单的认为就是一种授权的实现 很巧的是,Nancy中也有与之相类似的技术Authentication,这两者之间都用 ...
- Nancy 学习-身份认证(Forms authentication) 继续跨平台
开源 示例代码:https://github.com/linezero/NancyDemo 上篇讲解Nancy的Basic Authentication,现在来学习Nancy 的Forms身份认证. ...
- ASP.NET 4.0 forms authentication issues with IE11
As I mentioned earlier, solutions that rely on User-Agent sniffing may break, when a new browser or ...
随机推荐
- Unity shader学习之切线空间下计算凹凸映射
切线空间,即使用顶点的切线作为x轴,法线作为z轴,法线与切线的叉积作为y轴. 使用切线空间存储法线,使得法线纹理可以复用,很好. 在切线空间中计算光照,比在世界空间中计算光照少了很多计算量.在切线空间 ...
- 标准I/O流
一.标准输入流 标准输入流对象cin,重点掌握的函数 cin.get() //一次只能读取一个字符 cin.get(一个参数) //读一个字符 cin.get(三个参数) //可以读字符串 cin.g ...
- 解决caffe绘制训练过程的loss和accuracy曲线时候报错:paste: aux4.txt: 没有那个文件或目录 rm: 无法删除"aux4.txt": 没有那个文件或目录
我用的是faster-rcnn,在绘制训练过程的loss和accuracy曲线时候,抛出如下错误,在网上查找无数大牛博客后无果,自己稍微看了下代码,发现,extract_seconds.py文件的 g ...
- 初探AngularJs框架(二)
一.创建Components组件 直接使用AngularCLI即可很方便的创建component组件,使用如下指令: ng g component components/news 这样就会在compo ...
- UVA 11488 Hyper Prefix Sets (字典树)
题目链接:https://uva.onlinejudge.org/index.php?option=com_onlinejudge&Itemid=8&page=show_problem ...
- flask框架----flask-session组件
简介 flask-session是flask框架的session组件,由于原来flask内置session使用签名cookie保存,该组件则将支持session保存到多个地方,如: redis:保存数 ...
- 细数那些不懂Spring底层原理带来的伤与痛
1. 什么是spring? Spring 是个Java企业级应用的开源开发框架.Spring主要用来开发Java应用,但是有些扩展是针对构建J2EE平台的web应用.Spring 框架目标是简化Jav ...
- 推荐:全新Java开发思维导图
蓦然回首自己做开发已经十年了,这十年中我获得了很多,技术能力.培训.出国.大公司的经历,还有很多很好的朋友. 但再仔细一想,这十年中我至少浪费了五年时间,这五年可以足够让自己成长为一个优秀的程序员,可 ...
- 数据库-MySQL入门
什么是数据库? 一定方式储存在一起.能与多个用户共享.具有尽可能小的冗余度.与应用程序彼此独立的数据集合 数据库管理系统(简称DBMS):是为管理数据库而设计的电脑软件系统,一般具有存储.截取.安全保 ...
- 左移和右移运算符<< >>
左移的符号为<< 首先来个简单的例子 求8左移两位的值 8<<2 首先 将十进制的8转为二进制的数 倒序输出----> 1000 1000 左移两位 ...