The application event Application_AuthenticateRequest, which is defined in global.asax, is used to perform custom authentication on every request to an application. It is the perfect place to add custom checks that determine whether a user should be given access to a particular resource, or which resources the user should be able to access. In the following example, the list of roles the user belongs to is retrieved and stored in the HttpContext.Items collection, which is available for the life of each request. Individual resources can then use the list to determine whether the user should have access to them.

In global.asax (or its codebehind), do the following:

    Sub Application_AuthenticateRequest(ByVal sender As Object, _
                                        ByVal e As EventArgs)
        If Request.IsAuthenticated = True Then
            Dim roles() As String
            ' get this user's roles (left out)
            ' store roles in Context for the rest of this request
            Context.Items.Add("SecurityRoles", roles)
        End If
    End Sub
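
The consuming side of this pattern, as an added example that is not code from the original page: a resource reads the list back from Context.Items("SecurityRoles") and denies access unless the required role is present. The RoleCheck module, the ReportsPage class and the "ReportViewer" role name are hypothetical names chosen for illustration.

```vb
Imports System
Imports System.Web

' Hypothetical helper (not from the original page). It reads the role list
' that Application_AuthenticateRequest stored in Context.Items.
Public Module RoleCheck

    Public Function HasRole(ByVal ctx As HttpContext, ByVal required As String) As Boolean
        ' Fail closed. The list is only stored for authenticated requests, so a
        ' missing entry (or one of the wrong type) means the caller gets no access.
        If ctx Is Nothing Then Return False
        Dim roles As String() = TryCast(ctx.Items("SecurityRoles"), String())
        If roles Is Nothing Then Return False

        For Each role As String In roles
            ' Exact, culture-independent match on the role name.
            If String.Equals(role, required, StringComparison.Ordinal) Then
                Return True
            End If
        Next
        Return False
    End Function

    Public Sub DemandRole(ByVal ctx As HttpContext, ByVal required As String)
        ' Stop processing with HTTP 403 when the role is absent.
        If Not HasRole(ctx, required) Then
            Throw New HttpException(403, "Access denied.")
        End If
    End Sub

End Module

' Hypothetical page that requires the constructed role "ReportViewer".
Public Class ReportsPage
    Inherits System.Web.UI.Page

    Private Sub Page_Load(ByVal sender As Object, ByVal e As EventArgs) Handles MyBase.Load
        ' Check before any protected content is produced.
        RoleCheck.DemandRole(Context, "ReportViewer")
        ' ... render the protected content ...
    End Sub
End Class
```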