Asp.Net Forms Authentication with Groups and Roles

-

I found this great post from Rob Convery on creating a FilterAttribute that can be used to authorize specific controller actions against roles. I’d always wanted to implement a Group strategy and had made several attempts. They all seemed like kluges and I was never really happy.

One small change to Rob’s code and I can do grouping in a simple manner. Note: If you have a large number of roles and groups, this will probably not work for you. Also, this uses Asp.Net MVC.

ok, Rob’s code basically checked for a single role and you could use a constant to supply the role name. Something like

[RequiresRoleAttribute(RoleToCheckFor = ApplicationRoles.AdminRole)]
public ActionResult Edit(int id)

My change just allows you to pass more than one role into RoleToCheckFor.  Basically, I split RoleToCheckFor using a comma.

[RequiresRoleAttribute(RoleToCheckFor = ApplicationRoles.ChangeClientsGroup)]
public ActionResult Edit(int id)
The ApplicationRoles class looks like this.
public class ApplicationRoles
{
    public const string AdminRole = "Admin";
    public const string EntryRole = "Entry";
    public const string ManagementRole = "Management";
    public const string SecurityRole = "Security";

    public const string ChangeClientsGroup = Admin + "," + Entry;
}

ChangeClientsGroup is simply a constant that contains all the allowed roles for changing clients. Biggest drawback here, I want to change a group, I need to redeploy. This isn’t really a problem since I don’t have to change my roles a lot but…
public class RequiresRoleAttribute : ActionFilterAttribute
{
    public string RoleToCheckFor { get; set; }

    public override void OnActionExecuting(ActionExecutingContext filterContext)
    {
        //redirect if the user is not authenticated
        if (!String.IsNullOrEmpty(RoleToCheckFor))
        {

            if (!filterContext.HttpContext.User.Identity.IsAuthenticated)
            {

                //use the current url for the redirect
                string redirectOnSuccess = filterContext.HttpContext.Request.Url.AbsolutePath;

                //send them off to the login page
                string redirectUrl = string.Format("?ReturnUrl={0}", redirectOnSuccess);
                string loginUrl = FormsAuthentication.LoginUrl + redirectUrl;
                filterContext.HttpContext.Response.Redirect(loginUrl, true);

            }
            else
            {
                bool isAuthorized = false;
                string[] roles = this.RoleToCheckFor.Replace(" ", string.Empty).Split(',');
                foreach (string role in roles)
                {
                    isAuthorized = filterContext.HttpContext.User.IsInRole(role);
                    if (isAuthorized) { break; }
                }
                if (!isAuthorized)
                {
                    ApplicationError appEevent = new ApplicationError();
                    appEevent.Caller = Thread.CurrentPrincipal.Identity.Name + ":" + filterContext.Controller.GetType().Name + ":" + filterContext.HttpContext.Request.Path;
                    appEevent.ErrorMessage = "Unauthorized access attempt";
                    ApplicationManager.RecordEvent(appEevent);
                    FormsAuthentication.SignOut();
                    filterContext.HttpContext.Response.Redirect("/SecurityViolation.htm", true);
                }
            }
        }
        else
        {
            throw new InvalidOperationException("No Role Specified");
        }
    }
}

Hopes this works for you!

Comments

Post a Comment

Popular posts from this blog

Migrating Legacy Apps to the New SimpleMembership Provider

-
Image
Asp.Net MVC4 uses the new SimpleMembership provider, changes the table structure and adds a new hashing algorithm. The reasons for the changes can be found in this article by Jon Galloway. This article shows how to migrate your existing apps to the new provider. I’m assuming that you stored your passwords in the unrecoverable SHA-1 format. If you didn’t, then you’ll have to change a couple of things. All of my apps are done this way so… I’m also assuming that you have created the basic skeleton of the new app and ran it once so the correct tables will be created. First, we’ll look at the new tables. Previously, we had all of those aspnet_xxxxxx tables. Here’s the new ones. UserProfile Contains all of the elements relevant to the user. This is a combination of the aspnet_Users table and the aspnet_Profiles table. webpages_Membership Stores the password info when not using OAuth, Live, Facebook, etc. This table is somewhat of a match to the aspnet_Membership table. webpage...
Read more

Windows 8 Keyboard Shortcuts

-
Image
There are numerous posts on the keyboard shortcuts in Windows 8. I’m not going to regurgitate those. Here are the common things you’ll want to do. Shut Your Computer Off, Network / Wi-Fi, Volume, Keyboard Press Windows+I which brings up the Settings bar (below left). Search, Change Application Settings, Manage Devices Windows+C which brings up the Charms bar (above right). Want to find a song or artist in Music, use The rest of the story If you want to read about other short-cuts and print a handy-dandy cheat sheet, visit the Windows Experience Blog . IE 10 Want to get the most out of IE10, then How-To Geek’s The Best Tips and Tricks for Getting the Most out of Internet Explorer 10 is exactly what you need. There’s also Internet Explorer 10 Shortcut Keys In Windows 8 which has some Windows 8 stuff also.
Read more

Get Asp.Net Profile properties from Sql

-
Image
Ever wanted to include the profile information from an Asp.Net profile in a query? It’s not that hard once you understand the structure. I’ve written a little function that does all the work. Note: I’m using Sql Server as my repository. First we need to understand how the profile data is stored. Looking at the aspnet_Profile table, we can see that it stores the information in two columns: PropertyNames and PropertyValuesString. Looking at PropertyNames we can see that it has a basic structure of Property Name, Data Type, Starting Position and Length. For example, in the string “FirstName:S:0:4:Phone:S:4:10:LastName:S:14:5:” we can see that FirstName is of type string, starts at position 0 and has a length of 4. Notice the zero base for the starting position, we need to correct for that in our function. This means in the PropertyValuesString “John2175551212Smith”, we would start with the first position and proceed 4 c...
Read more