v_sreedhar@h...
Member
178 Points
114 Posts
Quick clarification - Windows Authentication - Custom Role Table
Apr 26, 2012 09:19 AM|LINK
Hi,
Quick Clarification - Windows Authentication - Custom Role Table (as I don't want so many tables)
I have an intranet application and only Windows authentication is enabled. I connect to the SQL DB as an impersonated user. I want the app to use one single user but control the buttons and menus based on a roles table.
1. web.config:
<authentication mode="Windows"/>
<identity impersonate="true" userName="webuser" password="..." />
<roleManager enabled="true" defaultProvider="MyAppSqlRoleProvider">
  <providers>
    <clear/>
    <add name="MyAppSqlRoleProvider" type="MyProject.Security.MyAppSqlRoleProvider"
         connectionStringName="DatabaseMyAppSqlConnString" applicationName="MyApp" />
  </providers>
</roleManager>
2. I created a simple table, WebUsers; Columns: WebUserID, DomainLoginName, IsUserActive, IsAdminUser, IsDataAddUser, IsDataEditUser
and created the role provider ... : RoleProvider ... only implemented GetRolesForUser(string username...)
3. Global.asax: Session_Start - I am getting the roles from the DB and adding them to the session variable ...
NOT SURE WHY I NEED IN SESSION ...
4. Global.asax: Application_AuthenticateRequest
if (User.Identity.IsAuthenticated && Request.Path.Contains(".aspx") && !Request.Path.Contains("NoRolesOrAccessDenied.aspx"))
{
    string UserName = User.Identity.Name;
    if (!String.IsNullOrEmpty(UserName))
    {
        HttpContext.Current.User = new System.Security.Principal.GenericPrincipal(User.Identity, (new MyAppSqlRoleProvider()).GetRolesForUser(UserName));
        HttpContext.Current.Items.Add("IsUserSearchedInDB", "1");
    }
}
It is working fine!
Questions:
1. Is the approach safe and fastest?
2. How to avoid GetRolesForUser for every .aspx request in Application_AuthenticateRequest ? Do I have to issue FormsAuthenticationTicket using windows id and see if it exists then use it, else query from the database?
Thanks
BrockAllen
All-Star
27526 Points
4903 Posts
MVP
Re: Quick clarification - Windows Authentication - Custom Role Table
Apr 26, 2012 01:13 PM|LINK
Use the ASP.NET Data Cache to cache the roles.
DevelopMentor | http://www.develop.com
thinktecture | http://www.thinktecture.com/
v_sreedhar@h...
Member
178 Points
114 Posts
Re: Quick clarification - Windows Authentication - Custom Role Table
Apr 26, 2012 05:15 PM|LINK
Hi BrockAllen,
Thanks for the reply. Do you want me to cache the roles per user? Do you have sample code? (I have done caching but not sure how to do the user roles caching ... I mean the string to cache ...)
Regards
BrockAllen
All-Star
27526 Points
4903 Posts
MVP
Re: Quick clarification - Windows Authentication - Custom Role Table
Apr 26, 2012 05:25 PM|LINK
Something like this...
// Namespaces needed: System, System.Security.Principal, System.Threading, System.Web, System.Web.Caching
void Application_PostAuthenticateRequest()
{
    if (User.Identity.IsAuthenticated)
    {
        var name = User.Identity.Name;
        var key = "Roles." + name;
        var roles = HttpContext.Current.Cache[key] as string[];
        if (roles == null)
        {
            roles = new string[] { "Admin", "Developer" }; // load from your DB
            HttpContext.Current.Cache.Insert(key, roles, null, DateTime.Now.AddHours(1), Cache.NoSlidingExpiration);
        }
        // Replace the principal on both the request context and the current thread
        HttpContext.Current.User =
            Thread.CurrentPrincipal =
                new GenericPrincipal(User.Identity, roles);
    }
}
Pseudo code, mind you. :)
DevelopMentor | http://www.develop.com
thinktecture | http://www.thinktecture.com/
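Added example, not code from either poster: one way to fill in the "load from your DB" step of the reply above against the WebUsers table from the question, with a parameterized lookup, no roles for inactive or unknown logins, and an explicit invalidation hook so a revoked role does not stay cached until expiry. The class name, the role names, the 10-minute lifetime and the assumption that the flag columns are non-null bit columns are all assumptions.

```csharp
using System;
using System.Collections.Generic;
using System.Configuration;
using System.Data.SqlClient;
using System.Web;
using System.Web.Caching;

public static class WebUserRoles // hypothetical helper, not from the thread
{
    // Upper-case the login so DOMAIN\User and domain\user share one cache entry.
    static string Key(string login) { return "Roles." + login.ToUpperInvariant(); }

    public static string[] GetCached(string login)
    {
        var roles = HttpRuntime.Cache[Key(login)] as string[];
        if (roles == null)
        {
            roles = LoadFromDb(login);
            // Absolute expiry bounds how long a stale role set can be used.
            HttpRuntime.Cache.Insert(Key(login), roles, null,
                DateTime.UtcNow.AddMinutes(10), Cache.NoSlidingExpiration);
        }
        return roles;
    }

    // Call after any update to the user's WebUsers row so the change applies at once.
    public static void Invalidate(string login) { HttpRuntime.Cache.Remove(Key(login)); }

    static string[] LoadFromDb(string login)
    {
        string cs = ConfigurationManager.ConnectionStrings["DatabaseMyAppSqlConnString"].ConnectionString;
        using (var conn = new SqlConnection(cs))
        using (var cmd = new SqlCommand(
            "SELECT IsAdminUser, IsDataAddUser, IsDataEditUser FROM WebUsers " +
            "WHERE DomainLoginName = @login AND IsUserActive = 1", conn))
        {
            cmd.Parameters.AddWithValue("@login", login); // never concatenate the login
            conn.Open();
            using (var r = cmd.ExecuteReader())
            {
                var roles = new List<string>();
                bool found = r.Read(); // false for unknown or inactive users: empty role set
                // Role names below are assumed; the thread only names the flag columns.
                if (found && r.GetBoolean(0)) roles.Add("Admin");
                if (found && r.GetBoolean(1)) roles.Add("DataAdd");
                if (found && r.GetBoolean(2)) roles.Add("DataEdit");
                return roles.ToArray();
            }
        }
    }
}
```

In Application_PostAuthenticateRequest the principal would then be built as `new GenericPrincipal(User.Identity, WebUserRoles.GetCached(User.Identity.Name))`. The empty array is cached too, so repeated requests from a user with no row do not hit the database each time.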
v_sreedhar@h...
Member
178 Points
114 Posts
Re: Quick clarification - Windows Authentication - Custom Role Table
Apr 26, 2012 06:14 PM|LINK
Hi Brock Allen,
1. Cool, perfect. I have only 100 users at the max in my DB. So caching this many users may not be that much of a performance hit. I was missing the key idea. Thanks for the pseudo code.
2. I am doing my code in Application_AuthenticateRequest ... But you posted as Application_PostAuthenticateRequest
Which one should I use? Please advise.
3. Someone else in the forum posted to issue a FormsAuthenticationTicket based on the Windows identity ...
Which one is better? (I like yours, as it is very simple and also mine is only Intranet)
Regards
BrockAllen
All-Star
27526 Points
4903 Posts
MVP
Re: Quick clarification - Windows Authentication - Custom Role Table
Apr 26, 2012 06:44 PM|LINK
Application_PostAuthenticateRequest
You already have the windows identity. Doesn't make sense to convert it to a forms identity or even try to then issue a FormsAuthentication cookie. Do it the way I showed -- it's simple.
DevelopMentor | http://www.develop.com
thinktecture | http://www.thinktecture.com/
v_sreedhar@h...
Member
178 Points
114 Posts
Re: Quick clarification - Windows Authentication - Custom Role Table
Apr 26, 2012 07:55 PM|LINK
Thank you very much ... marking as answered ...