Store/assign roles of authenticated users

by

Roles are added to the IPrincipal of the HttpContext. You can create a GenericPrincipal, parse the list of roles in the constructor and set it as HttpContext.User. The GenericPrincipal will then be accessible through User.IsInRole("role") or the [Authorize(Roles="role")] attribute

One way of doing this (in C#) is to add your roles as a comma separated string in the user data parameter when creating your authentication ticket

string roles = "Admin,Member";
FormsAuthenticationTicket authTicket = new FormsAuthenticationTicket(
  1,
  userId,  //user id
  DateTime.Now,
  DateTime.Now.AddMinutes(20),  // expiry
  false,  //do not remember
  roles, 
  "https://stackoverflow.com/");
HttpCookie cookie = new HttpCookie(FormsAuthentication.FormsCookieName,
                                   FormsAuthentication.Encrypt(authTicket));
Response.Cookies.Add(cookie);

Then access the role list from the authentication ticket and create a GenericPrincipal from your Global.asax.cs

protected void Application_AuthenticateRequest(Object sender, EventArgs e) {
  HttpCookie authCookie = 
                Context.Request.Cookies[FormsAuthentication.FormsCookieName];
    if (authCookie != null) {
      FormsAuthenticationTicket authTicket = 
                                  FormsAuthentication.Decrypt(authCookie.Value);
      string[] roles = authTicket.UserData.Split(new Char[] { ',' });
      GenericPrincipal userPrincipal =
                       new GenericPrincipal(new GenericIdentity(authTicket.Name),roles);
      Context.User = userPrincipal;
    }
  }

More Related Contents:

  1. ASP.NET MVC – Set custom IIdentity or IPrincipal
  2. Asp.Net Forms Authentication when using iPhone UIWebView
  3. Adding ASP.NET MVC5 Identity Authentication to an existing project
  4. MVC 5 Access Claims Identity User Data
  5. How to remove returnurl from url?
  6. Different users get the same cookie – value in .ASPXANONYMOUS
  7. Can an ASP.NET MVC controller return an Image?
  8. Biggest advantage to using ASP.Net MVC vs web forms
  9. SignalR – Sending a message to a specific user using (IUserIdProvider) *NEW 2.0.0*
  10. ASP.NET Identity DbContext confusion
  11. Disable Session state per-request in ASP.Net MVC
  12. How do I protect static files with ASP.NET form authentication on IIS 7.5?
  13. Mixing Forms authentication with Windows authentication
  14. Is it possible to access MVC Views located in another project?
  15. Difference between Html.RenderAction and Html.Action
  16. How to Customize ASP.NET Web API AuthorizeAttribute for Unusual Requirements
  17. What is the difference between and ?
  18. Using ASP.Net MVC with Classic ADO.Net
  19. The anti-forgery cookie token and form field token do not match in MVC 4
  20. How to do a ASP.NET MVC Ajax form post with multipart/form-data?
  21. ASP.NET Core change EF connection string when user logs in
  22. Difference between DropDownlist or DropDownListFor Html helper
  23. ASP.net MVC4 WebApi route with file-name in it
  24. Unable to create an object of type ‘[DBContext’s Name]’. For the different patterns supported at design time [closed]
  25. ‘System.Net.Http.HttpContent’ does not contain a definition for ‘ReadAsAsync’ and no extension method
  26. ASP.NET MVC3 Role and Permission Management -> With Runtime Permission Assignment
  27. What do the TargetFramework settings mean in web.config in ASP .NET MVC?
  28. What is the proper way to send an HTTP 404 response from an ASP.NET MVC action?
  29. Web authentication state – Session vs Cookie?
  30. How does Html.Raw MVC helper work?

Leave a Comment