https://www.codeproject.com/Articles/36836/Forms-Authentication-and-Role-based-Authorization

Problem Space

Sad, but true, “Forms authentication in ASP.NET does not directly support role based authorization”. If you have ended up implementing Forms authentication along with configuring authorization rules for “users” and “roles” in the web.config, you are going to see the access rules working fine for “users”, but, not working at all for “roles”. You might have thought, there must be some way to specify user roles in the famous FormsAuthentication.RedirectFromLoginPage(), or, any other method. But, there isn't!

Background

This is really surprising because, in real life, most applications (if not all) actually require authorization of system resources based upon user roles, not user names. So, if you are going to use Forms authentication in your upcoming ASP.NET application, and you need to implement role based authorization in your system, you have a problem.

Wait, this is not entirely true, because of two reasons:

Reason 1: Since ASP.NET 2.0, we have Membership. It includes Membership (User) service, Role service, and Profile (User properties) service. And, using Membership, you can easily implement Role based authorization in your ASP.NET application.

Reason 2: Even if you don't use Membership, you can write some code to implement Role based authorization in Forms authentication. Basically, you need to create the authentication ticket yourself and push the user roles in the “UserData” property after authenticating the user. Also, you need to retrieve user roles from the same “UserData” property in the authentication ticket and set it in the current User property in the subsequent requests. This trick works, and many have done this already.

So, What is this Article About?

Well, this article assumes that you did use Forms authentication directly instead of ASP.NET Membership in your application for some good reasons. Consequently, you implemented Role based authorization as suggested by lots of articles on the web (like this one). But I tell you, you probably ended up doing an incorrect and incomplete implementation, and you might have problems in the near future.

This article is going to address the problems with the suggested implementation approaches, and provide you a correct, smart, and quick way of implementing Role based authorization in case you are not using ASP.NET Membership in your system. All you'll need is 5 minutes to implement this!

Please take a look at this article before you proceed, in case you are new to ASP.NET and wondering about Forms Authentication.

Forms Authentication and Role based Authorization: A Quicker, Simpler, and Correct Approach的更多相关文章

  1. forms authentication原理

    细说ASP.NET Forms身份认证 asp.net 登陆验证 Form表单验证的3种方式 Understanding and Implementing ASP.NET Custom Forms A ...

  2. Forms Authentication in ASP.NET MVC 4

    原文:Forms Authentication in ASP.NET MVC 4 Contents: Introduction Implement a custom membership provid ...

  3. Azure ARM (16) 基于角色的访问控制 (Role Based Access Control, RBAC) - 使用默认的Role

    <Windows Azure Platform 系列文章目录> 今天上午刚刚和客户沟通过,趁热打铁写一篇Blog. 熟悉Microsoft Azure平台的读者都知道,在老的Classic ...

  4. An Overview of Forms Authentication (C#)

    https://docs.microsoft.com/en-us/aspnet/web-forms/overview/older-versions-security/introduction/an-o ...

  5. SSRS 2016 Forms Authentication

    SSRS 2016 comes with completely new report manager web interface and implementing form authenticatio ...

  6. How does ASP.NET Forms Authentication really work?

    I've always wondered how exactly ASP.NET forms authentication works. Yes, I know how to configure Fo ...

  7. Nancy之Forms authentication的简单使用

    一.前言 想必大家或多或少都听过微软推出的ASP.NET Identity技术,可以简单的认为就是一种授权的实现 很巧的是,Nancy中也有与之相类似的技术Authentication,这两者之间都用 ...

  8. Nancy 学习-身份认证(Forms authentication) 继续跨平台

    开源 示例代码:https://github.com/linezero/NancyDemo 上篇讲解Nancy的Basic Authentication,现在来学习Nancy 的Forms身份认证. ...

  9. ASP.NET 4.0 forms authentication issues with IE11

    As I mentioned earlier, solutions that rely on User-Agent sniffing may break, when a new browser or ...

随机推荐

  1. windows下golang环境搭建

    (1)golang安装配置. 下载地址:https://www.golangtc.com/download 解压后直接配置系统环境变量path,加上go.exe所在文件的路径即可. 配置系统环境变量G ...

  2. python 数据序列化(json、pickle、shelve)

    本来要查一下json系列化自定义对象的一个问题,然后发现这篇博客(https://www.cnblogs.com/yyds/p/6563608.html)很全面,感谢作者,关于python序列化的知识 ...

  3. python urlopen

    Python urllib 库提供了一个从指定的 URL 地址获取网页数据,然后对其进行分析处理,获取想要的数据. urlopen返回 一个类文件对象(fd),它提供了如下方法:read() , re ...

  4. java设计模式之动态代理的概述和实现

    概述 1.代理:本来应该自己做的事情,请了别人来做,被请的人就是代理对象. 举例:春节回家买票让人代买 2.在Java中java.lang.reflect包下提供了一个Proxy类和一个Invocat ...

  5. linux监控性能和网络的命令

    vmstat查看机器实时的综合情况:load,内存,swap,cpu使用率等方面 procs: r:运行队列中进程数量 b:等待IO的进程数量 memory(内存): swpd:使用虚拟内存大小 fr ...

  6. windows下多个python版本共存,如何在Windows7系统上安装最新的64位Python3.6.2

    windows下多个python版本共存,如何在Windows7系统上安装最新的64位Python3.6.2 1.官网下载python3.6.2https://www.python.org/ftp/p ...

  7. highchart 柱状图,单个样例

    var chart = Highcharts.chart('container', { chart: { type: 'column' }, title: { text: '月平均气温' }, sub ...

  8. SQL数据库增量备份还原方式

    SQLSERVER2008的备份还原最基本的方式自然是完整备份,然后完整还原即可. 但是如果遇到数据库文件很大,数据量很大,备份和还原需要花费不少时间的时候, 数据库的差异备份自然就成为考虑的备份方案 ...

  9. Java开发软件安装及配置

    2017-6-1 1.jdk 1.8.0_131 安装JDK 选择安装目录 安装过程中会出现两次 安装提示 . 第一次是安装 jdk ,第二次是安装 jre .建议两个都安装在同一个java文件夹中的 ...

  10. Oracle数据库的入门之一

    Oracle的介绍: Oracle Database,又名Oracle RDBMS,或简称Oracle.是甲骨文公司的一款关系数据库管理系统.它是在数据库领域一直处于领先地位的产品.可以说Oracle ...