In the website we have several folders, some folders are accessible by anonymous users, others are accessible by members only, some by administrators or a both administrators and members can view this folder.
Each folder contains some forms; these forms are based on the role as well.
We'd like to add "user.identity" as to authenticate the user based on the user_id from table websit_ users
However we are not sure , wither we need to specify each and every form, folder or this will be done automatically once authentication is applied.
And where do we put the user.identity and what is the exact format of it.
Do we include it in our Global.asax after the authentication part?!
This is the code in global.asax
<%@ Import Namespace="System.web.Security" %><%@ Import Namespace="System.Data.SqlClient" %><%@ Import Namespace="System.Security.principal" %><%@ Import Namespace="System.Web.Configuration" %><%@ Application Language="VB" %> <script runat="server"> Sub Application_Start(ByVal sender As Object, ByVal e As EventArgs) ' Code that runs on application startup End Sub Sub Application_End(ByVal sender As Object, ByVal e As EventArgs) ' Code that runs on application shutdown End Sub Sub Application_Error(ByVal sender As Object, ByVal e As EventArgs) ' Code that runs when an unhandled error occurs End Sub Sub Session_Start(ByVal sender As Object, ByVal e As EventArgs) ' Code that runs when a new session is started End Sub Sub Session_End(ByVal sender As Object, ByVal e As EventArgs) ' Code that runs when a session ends. ' Note: The Session_End event is raised only when the sessionstate mode ' is set to InProc in the Web.config file. If session mode is set to StateServer ' or SQLServer, the event is not raised. End Sub Protected Sub Application_AuthenticateRequest(ByVal sender As Object, ByVal e As System.EventArgs) If Request.IsAuthenticated Then 'Declare variables Dim sSQL, ConnectionString As String Dim objDataCommand As SqlCommand Dim objConnection As SqlConnection ConnectionString = WebConfigurationManager.ConnectionStrings("Carbon_free_ConnectionString").ConnectionString 'Create connection and open objConnection = New SqlConnection(ConnectionString) objConnection.Open() 'Build SQL to retrieve the roles of the authinticated user. Your will be different according to your database tables and fileds names 'sSQL = "Select role_desc FROM Roles R INNER JOIN role_user RU on " & _ '"R.role_id = RU.role_id INNER JOIN Employees E on " & _ '"RU.EmployeeID = E.EmployeeID AND E.EmployeeID = " & User.Identity.Name 'SELECT table1.column1, table2.column2 FROM table1 INNER JOIN table2 ' ON table1.column1 = table2.column1; sSQL = "Select Role_Name from Role R INNER JOIN Website_Users U on U.Role_ID = R.Role_ID AND U.User_ID = " & User.Identity.Name objDataCommand = New SqlCommand(sSQL, objConnection) 'Execute query and return the role/roles of the user Dim reader As SqlDataReader = objDataCommand.ExecuteReader() 'add the roles to an array list Dim rolelist As New ArrayList Do While reader.Read() rolelist.Add(reader("Role_Name")) Loop 'convert the roles array list to a string array Dim rolelistArray As String() = rolelist.ToArray(GetType(String)) 'assign the roles to the authinticated user HttpContext.Current.User = New GenericPrincipal(User.Identity, rolelistArray) 'close connection t the database objConnection.Close() End If End Sub</script>
<%@ Import Namespace="System.web.Security" %>
<%@ Import Namespace="System.Data.SqlClient" %>
<%@ Import Namespace="System.Security.principal" %>
<%@ Import Namespace="System.Web.Configuration" %>
<%@ Application Language="VB" %>
<script runat="server">
Sub Application_Start(ByVal sender As Object, ByVal e As EventArgs)
' Code that runs on application startup
End Sub
Sub Application_End(ByVal sender As Object, ByVal e As EventArgs)
' Code that runs on application shutdown
Sub Application_Error(ByVal sender As Object, ByVal e As EventArgs)
' Code that runs when an unhandled error occurs
Sub Session_Start(ByVal sender As Object, ByVal e As EventArgs)
' Code that runs when a new session is started
Sub Session_End(ByVal sender As Object, ByVal e As EventArgs)
' Code that runs when a session ends.
' Note: The Session_End event is raised only when the sessionstate mode
' is set to InProc in the Web.config file. If session mode is set to StateServer
' or SQLServer, the event is not raised.
Protected Sub Application_AuthenticateRequest(ByVal sender As Object, ByVal e As System.EventArgs)
If Request.IsAuthenticated Then
'Declare variables
Dim sSQL, ConnectionString As String
Dim objDataCommand As SqlCommand
Dim objConnection As SqlConnection
ConnectionString = WebConfigurationManager.ConnectionStrings("Carbon_free_ConnectionString").ConnectionString
'Create connection and open
objConnection = New SqlConnection(ConnectionString)
objConnection.Open()
'Build SQL to retrieve the roles of the authinticated user. Your will be different according to your database tables and fileds names
'sSQL = "Select role_desc FROM Roles R INNER JOIN role_user RU on " & _
'"R.role_id = RU.role_id INNER JOIN Employees E on " & _
'"RU.EmployeeID = E.EmployeeID AND E.EmployeeID = " & User.Identity.Name
'SELECT table1.column1, table2.column2 FROM table1 INNER JOIN table2
' ON table1.column1 = table2.column1;
sSQL = "Select Role_Name from Role R INNER JOIN Website_Users U on U.Role_ID = R.Role_ID AND U.User_ID = " & User.Identity.Name
objDataCommand = New SqlCommand(sSQL, objConnection)
'Execute query and return the role/roles of the user
Dim reader As SqlDataReader = objDataCommand.ExecuteReader()
'add the roles to an array list
Dim rolelist As New ArrayList
Do While reader.Read()
rolelist.Add(reader("Role_Name"))
Loop
'convert the roles array list to a string array
Dim rolelistArray As String() = rolelist.ToArray(GetType(String))
'assign the roles to the authinticated user
HttpContext.Current.User = New GenericPrincipal(User.Identity, rolelistArray)
'close connection t the database
objConnection.Close()
End If
</script>
We need your help, can any1 advice ASAP?!