This works but not a neat solution. I could not find a better solution on a built-in role definition for anon users so I have taken the following approach. In my CMS system all authorization requests are handled from a single business class , so I have changed it accordingly to define a default role for anon users, that is something like;void Application_AuthenticateRequest(Object sender, EventArgs e)
);
{
HttpApplication app = (HttpApplication)sender;
if (!app.Request.IsAuthenticated && app.Context.User == null)
{
FormsIdentity identity = new FormsIdentity(new
FormsAuthenticationTicket("anonymous", true, 5));
string role = "anonusers";
app.Context.User = new GenericPrincipal(identity,
new string[] { role }
}
}
public
Authorizer():base()
{
SetupRoles(base.CurrentUser.Identity.Name);
}
public Authorizer(User user) : this(user.UserName)
{
}
public Authorizer(string username) : base()
{
SetupRoles(username);
}
private void SetupRoles(string username)
{
if (String.IsNullOrEmpty(username))
username = base.AnonymousUserName;
userroles = FindRolesOfUser(username);
}
No comments:
Post a Comment