Form authentication


Sabotage

Hi all,

I've got a .NET application where users authenticate using Form
Authentication and then they're assigned to Admin or User roles. Admins are
allowed to modify data and Users have read-only permissions. After data is
modified I'd like Admins to be able to preview data in the new browser
window which would open in the User mode.

To implement this scenario I set up two Virtual directories - Live and
Preview. The Admin logs into the Live site, FormsAuthenticationTicket is
created and the user is assigned to the Admin role. When he clicks the
preview button, a new browser window opens the Preview site,
FormsAuthenticationTicket is created and the user is assigned to the User
mode. The problem is that after Preview site opens the user can work on the
Preview site, but the authentication ticket is set to NULL on the Live site
and the user is redirected to the login page.

Could someone advise me if there is any way to isolate those two
applications that the same user could work with two applications on the same
machine at the same time, but would be assigned to different roles in each
application?

Adding

<machineKey validationKey="AutoGenerate,IsolateApps"
decryptionKey="AutoGenerate,IsolateApps" validation="SHA1" decryption="Auto"
compatibilityMode="Framework20SP1" />

to web.config files does not work....


Thanks
Darius
 

Mr. Arnold

Sabotage said:
Hi all,

I've got a .NET application where users authenticate using Form
Authentication and then they're assigned to Admin or User roles. Admins
are allowed to modify data and Users have read-only permissions. After
data is modified I'd like Admins to be able to preview data in the new
browser window which would open in the User mode.

To implement this scenario I set up two Virtual directories - Live and
Preview. The Admin logs into the Live site, FormsAuthenticationTicket is
created and the user is assigned to the Admin role. When he clicks the
preview button, a new browser window opens the Preview site,
FormsAuthenticationTicket is created and the user is assigned to the User
mode. The problem is that after Preview site opens the user can work on
the Preview site, but the authentication ticket is set to NULL on the Live
site and the user is redirected to the login page.

Could someone advise me if there is any way to isolate those two
applications that the same user could work with two applications on the
same machine at the same time, but would be assigned to different roles in
each application?

You may want to look into Role based security using SQL Server User and Role
tables, whereas, the .NET Role based security for a user with multiple roles
can be implemented.
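
An added example, not part of the thread: the symptom in the question (the Live ticket coming back as null once Preview issues its own) is what happens when two applications on one host share the forms authentication cookie. It assumes both sites were left on the default cookie name and path, which the post does not show; the names .LIVEAUTH and .PREVIEWAUTH and the Login.aspx URL are placeholders.

```xml
<!-- Before (assumed): Live/web.config and Preview/web.config both rely on the
     defaults, so each application writes a cookie named .ASPXAUTH with
     path "/". The browser keeps one cookie per name + domain + path, so the
     Preview login overwrites the ticket that Live issued. With IsolateApps
     keys, Live cannot validate the Preview ticket and treats the request
     as unauthenticated. -->
<system.web>
  <authentication mode="Forms">
    <forms loginUrl="Login.aspx" />
  </authentication>
</system.web>

<!-- After: Live/web.config. The cookie name is unique to this application. -->
<system.web>
  <authentication mode="Forms">
    <forms name=".LIVEAUTH" loginUrl="Login.aspx" path="/" />
  </authentication>
  <!-- Per-application keys from the original post stay in place: a ticket
       issued by Preview then fails validation if it is presented to Live. -->
  <machineKey validationKey="AutoGenerate,IsolateApps"
              decryptionKey="AutoGenerate,IsolateApps"
              validation="SHA1" decryption="Auto" />
</system.web>

<!-- After: Preview/web.config. A different cookie name, so the Admin ticket
     for Live and the User ticket for Preview coexist in the same browser. -->
<system.web>
  <authentication mode="Forms">
    <forms name=".PREVIEWAUTH" loginUrl="Login.aspx" path="/" />
  </authentication>
  <machineKey validationKey="AutoGenerate,IsolateApps"
              decryptionKey="AutoGenerate,IsolateApps"
              validation="SHA1" decryption="Auto" />
</system.web>
```

Narrowing `path` to each virtual directory also separates the cookies, but browsers match cookie paths case-sensitively while IIS URLs are not case-sensitive, so distinct names are the more reliable setting.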



 
