|
security
newsgroups
|
|||||||||||||||||||||||
|
|||||||||||||||||||||||
Form authenticationI've got a .NET application where users authenticate using Form Authentication and then they're assigned to Admin or User roles. Admins are allowed to modify data and Users have read-only permissions. After data is modified I'd like Admins to be able to preview data in the new browser window which would open in the User mode. To implement this scenario I set up two Virtual directories - Live and Preview. The Admin logs into the Live site, FormsAuthenticationTicket is created and the user is assigned to the Admin role. When he clicks the preview button, a new browser window opens the Preview site, FormsAuthenticationTicket is created and the user is asigned to the User mode. The problem is that after Preview site opens the user can work on the Preview site, but the authentication ticket is set to NULL on the Live site and the user is redirected to the login page. Could someone advice me if there is any way to isolate those two applications that the same user could work with two applications on the same machine at the same time, but would be assigned to different roles in each application? Adding <machineKey validationKey="AutoGenerate,IsolateApps" decryptionKey="AutoGenerate,IsolateApps" validation="SHA1" decryption="Auto" compatibilityMode="Framework20SP1" /> to web.config files does not work.... Thanks Darius
Show quote
Hide quote
"Sabotage" <sabot***@vkt.lt> wrote in message You may want to look into Role based security using SQL Server User and Role news:OXHFoSP6JHA.1096@TK2MSFTNGP06.phx.gbl... > Hi all, > > I've got a .NET application where users authenticate using Form > Authentication and then they're assigned to Admin or User roles. Admins > are allowed to modify data and Users have read-only permissions. After > data is modified I'd like Admins to be able to preview data in the new > browser window which would open in the User mode. > > To implement this scenario I set up two Virtual directories - Live and > Preview. The Admin logs into the Live site, FormsAuthenticationTicket is > created and the user is assigned to the Admin role. When he clicks the > preview button, a new browser window opens the Preview site, > FormsAuthenticationTicket is created and the user is asigned to the User > mode. The problem is that after Preview site opens the user can work on > the Preview site, but the authentication ticket is set to NULL on the Live > site and the user is redirected to the login page. > > Could someone advice me if there is any way to isolate those two > applications that the same user could work with two applications on the > same machine at the same time, but would be assigned to different roles in > each application? > tables, whereas, the .NET Role based security for a user with multiple roles can be implemented. __________ Information from ESET NOD32 Antivirus, version of virus signature database 4143 (20090610) __________ The message was checked by ESET NOD32 Antivirus. http://www.eset.com 
Other interesting topics
XmlDSig trouble
ComputeSignature: The Keyset is not defined .NET Security Failed to access IIS metabase Empty Event Logs from Windows 2003 Server,Win32_NTLogEvent,WMI SslStream and AES 128 cipher MD5CryptoServiceProvider tied to machine? Firewall Error Messgae RE: .NET CLR Error 800700002 Ofuscar mi aplicación |
|||||||||||||||||||||||
