Posted 25 Aug 2010

A simple workaround for Forms Authentication based on the user's role

This tip uses roles, instead of individual users' access rights, to limit users' access to folders.

I have been searching through Google and couldn't find a better solution to authenticate users easily and quickly. Here is the solution I have made so far; please comment on it and help me improve it.

Background

ASP.NET provides two authentication methods, Forms and Windows. People normally use Forms because it provides more flexibility, whereas Windows authentication requires an account to be created on the PC for every user. With Forms authentication, a web site can use a database or another method to authenticate users.

How it works

Download the source code, create an IIS virtual directory, and run it. That's all. It provides a default page, a login page, a logout page, and an Admin folder, to which user access is restricted through the web.config file.

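In this web.config file, the important parts are:

1. Create an entry for the "Admin" folder that only allows users with the role "Administrators" to access it.
2. Set the authentication mode to "Forms".

The web.config snippet looks like this (authorization rules are evaluated in order and the first match wins, so the allow entry must come before the deny entry):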

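<location path="Admin">
    <system.web><authorization>
        <allow roles="Administrators"/>
        <deny users="*"/>
    </authorization></system.web>
</location>
<!-- In the site's top-level <system.web> section: -->
<authentication mode="Forms"/>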

Create a site map, which will be used to create your web site. The Web.sitemap file may look like this:

<?xml version="1.0" encoding="utf-8" ?>
<siteMap xmlns="" >
    <siteMapNode url="~" title="Home"  description="">
        <siteMapNode url="default.aspx" title="Home"  description="" roles="*"/>
        <siteMapNode url="login.aspx" title="Login"  description="" roles="*"/>
        <siteMapNode url="Admin/" title="Administration"  description="" roles="*">
            <siteMapNode url="Admin/default.aspx" title="Administration"  description="" roles="Administrators" />
        </siteMapNode>
        <siteMapNode url="logout.aspx" title="Logout"  description="" roles="*"/>
    </siteMapNode>
</siteMap>

Your login.aspx may look like the following:
protected void btnLogin_Click(object sender, EventArgs e)
{
        FormsAuthenticationUtil.RedirectFromLoginPage("Lewis", "Administrators", true);
}

FormsAuthenticationUtil is a third-party DLL, which I found passes the user's roles to the application quite reliably. "Lewis" is an authenticated user and "Administrators" is that user's role; this role matches the roles and folder settings in our web.config.

In your Global.asax, you should have the following code:
protected void Application_AuthenticateRequest(Object sender, EventArgs e)
{
        if (HttpContext.Current.User != null)
        {
            if (HttpContext.Current.User.Identity.IsAuthenticated)
            {
                if (HttpContext.Current.User.Identity is FormsIdentity)
                {
                    FormsIdentity id = (FormsIdentity)HttpContext.Current.User.Identity;
                    FormsAuthenticationTicket ticket = id.Ticket;
                    // Get the stored user-data, in this case, our roles
                    string userData = ticket.UserData;
                    string[] roles = userData.Split(',');
                    HttpContext.Current.User = new GenericPrincipal(id, roles);
                }
            }
        }
}

Remember to add the following line at the top of your Global.asax file:
        <%@ Import Namespace="System.Security.Principal" %>
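
For the Global.asax handler above to find roles in ticket.UserData, the login side has to put them there. The following is an added example, not code from the original tip and not the FormsAuthenticationUtil source, showing one way to do that with the standard System.Web.Security API; the RoleTicket class and the lookupRoles callback into your user store are hypothetical names, and the 30-minute lifetime is a constructed value.

```csharp
using System;
using System.Web;
using System.Web.Security;

// Hypothetical helper for illustration; not the FormsAuthenticationUtil source.
public static class RoleTicket
{
    // lookupRoles is an assumed callback into your user store: it returns the
    // user's roles when the password is correct and null when it is not.
    public static bool SignIn(string userName, string password, bool persistent,
                              Func<string, string, string[]> lookupRoles)
    {
        string[] roles = lookupRoles(userName, password);
        if (roles == null)
            return false; // wrong credentials: no ticket, no cookie

        // Global.asax splits UserData on ',', so a role name containing a comma
        // would come back as two roles. Refuse it instead of issuing the ticket.
        if (Array.Exists(roles, delegate(string r) { return r.IndexOf(',') >= 0; }))
            throw new ArgumentException("Role names must not contain ','.");

        FormsAuthenticationTicket ticket = new FormsAuthenticationTicket(
            1,                              // ticket version
            userName,
            DateTime.Now,                   // issued
            DateTime.Now.AddMinutes(30),    // expires (constructed value)
            persistent,
            string.Join(",", roles),        // becomes ticket.UserData
            FormsAuthentication.FormsCookiePath);

        // With the default <forms protection="All"> the ticket is encrypted and
        // MAC-protected with the machine key, so the browser cannot edit roles.
        HttpCookie cookie = new HttpCookie(
            FormsAuthentication.FormsCookieName, FormsAuthentication.Encrypt(ticket));
        cookie.HttpOnly = true;
        cookie.Secure = FormsAuthentication.RequireSSL;
        cookie.Path = FormsAuthentication.FormsCookiePath;
        if (persistent)
            cookie.Expires = ticket.Expiration;

        HttpResponse response = HttpContext.Current.Response;
        response.Cookies.Add(cookie);
        // endResponse = false avoids the ThreadAbortException Redirect raises by default.
        response.Redirect(FormsAuthentication.GetRedirectUrl(userName, persistent), false);
        return true;
    }
}
```

The roles are fixed inside the ticket until it expires, so a role removed in the user store stays effective for the remaining ticket lifetime.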

Please rate or comment on :)


This article, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)


About the Author

Lewis Liu L
Software Developer
Australia

Last Updated 25 Aug 2010
Article Copyright 2010 by Lewis Liu L