Ayesha balooshi

Ayesha balooshi

  • NA
  • 18
  • 28.2k

User.Identity in Global.ASAx

Jun 1 2010 10:22 AM

Hi guys,
i know this is a C# Discusssion forum, my questions are always in VB.net
 
 
sorry

In the website we have several folders, some folders are accessible by anonymous users, others are accessible by members only, some by administrators or a both administrators and members can view this folder.

Each folder contains some forms; these forms are based on the role as well.

We'd like to add "user.identity" as to authenticate the user based on the  user_id from table websit_ users

However we are not sure , wither we need to specify each and every form, folder or this will be done automatically once authentication is applied.

 

And where do we put the user.identity and what is the exact format of it.  

 

Do we include it in our Global.asax after the authentication part?!

This is the code in global.asax

 

 

                <%@ Import Namespace="System.web.Security" %>

<%@ Import Namespace="System.Data.SqlClient" %>

<%@ Import Namespace="System.Security.principal" %>

<%@ Import Namespace="System.Web.Configuration" %>

<%@ Application Language="VB" %>

 

<script runat="server">

 

    Sub Application_Start(ByVal sender As Object, ByVal e As EventArgs)

        ' Code that runs on application startup

    End Sub

   

    Sub Application_End(ByVal sender As Object, ByVal e As EventArgs)

        ' Code that runs on application shutdown

    End Sub

       

    Sub Application_Error(ByVal sender As Object, ByVal e As EventArgs)

        ' Code that runs when an unhandled error occurs

    End Sub

 

    Sub Session_Start(ByVal sender As Object, ByVal e As EventArgs)

        ' Code that runs when a new session is started

    End Sub

 

    Sub Session_End(ByVal sender As Object, ByVal e As EventArgs)

        ' Code that runs when a session ends.

        ' Note: The Session_End event is raised only when the sessionstate mode

        ' is set to InProc in the Web.config file. If session mode is set to StateServer

        ' or SQLServer, the event is not raised.

    End Sub

      

    Protected Sub Application_AuthenticateRequest(ByVal sender As Object, ByVal e As System.EventArgs)

        If Request.IsAuthenticated Then

           

            'Declare variables

            Dim sSQL, ConnectionString As String

            Dim objDataCommand As SqlCommand

            Dim objConnection As SqlConnection

 

            ConnectionString = WebConfigurationManager.ConnectionStrings("Carbon_free_ConnectionString").ConnectionString

           

            'Create connection and open

            objConnection = New SqlConnection(ConnectionString)

            objConnection.Open()

 

            'Build SQL to retrieve the roles of the authinticated user. Your     will be different according to your database tables and fileds names

           

            'sSQL = "Select role_desc FROM Roles R INNER JOIN role_user RU on " & _

            '"R.role_id = RU.role_id INNER JOIN Employees E on " & _

            '"RU.EmployeeID = E.EmployeeID AND E.EmployeeID = " & User.Identity.Name

           

           

           

            'SELECT table1.column1, table2.column2 FROM table1 INNER JOIN table2

            ' ON table1.column1 = table2.column1;

           

            sSQL = "Select Role_Name from Role R INNER JOIN Website_Users U on U.Role_ID = R.Role_ID AND U.User_ID = " & User.Identity.Name

 

           

            objDataCommand = New SqlCommand(sSQL, objConnection)

 

            'Execute query and return the role/roles of the user

            Dim reader As SqlDataReader = objDataCommand.ExecuteReader()

 

            'add the roles to an array list

            Dim rolelist As New ArrayList

            Do While reader.Read()

                rolelist.Add(reader("Role_Name"))

            Loop

 

            'convert the roles array list to a string array

            Dim rolelistArray As String() = rolelist.ToArray(GetType(String))

           

            'assign the roles to the authinticated user

            HttpContext.Current.User = New GenericPrincipal(User.Identity, rolelistArray)

 

            'close connection t the database

            objConnection.Close()

           

        End If

    End Sub

</script>

We need your help, can any1 advice ASAP?!


Answers (1)