[Mono-list] how to do proper role based authentication in web apps

Rainer Burgstaller rainer.burgstaller@web.de
Sat, 05 Jun 2004 08:44:18 +0200

> Check this article: 
> Part 1:
> http://www.ondotnet.com/pub/a/dotnet/2004/02/02/effectiveformsauth.html
> Part 2: http://www.ondotnet.com/pub/a/dotnet/2004/02/16/formsauthpt2.html

Thanks for the response. 

Actually, part1 is what I came up myself and part2 is just a slight improvement. Still there is the issue that the formsauthenticationmodule will first intercept the cookie, set one "dummy" principal and then my piece of code overrides that. This is not really elegant. I was actually looking for something like this membership stuff however, it does not seem to be implemented yet. So I guess I will integrate the stuff from part2 and stick to it for the moment until the new features are implemented in mono. 

By the way there is a difference in the mono implementation and microsofts. When I set the HttpContext.CurrentUser (I dont know the syntax by heart) the Thread.CurrentPrincipal is not updated in mono but in Ms .NET it is. So currently for mono I have to set both to the principal I want to use. Otherwise the permission stuff wont work.

thanks for the hints
Verschicken Sie romantische, coole und witzige Bilder per SMS!
Jetzt neu bei WEB.DE FreeMail: http://freemail.web.de/?mc=021193