Home  [Bill's Home]

Role-based Security

The Microsoft .NET environment now offers an excellent alternative to Java in producing portable and secure code. It uses a role-based approach for user authentication, with the WindowsIndentity class, where the GetCurrent() method can be used to get the current user. The WindowsPrincipal class can then be used to apply the role. [Lecture][Tutorial]

   

Your ID
Authenication type:
Your role:

 

The code is:

using System;
using System.Data;
using System.Configuration;
using System.Web;
using System.Web.Security;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Web.UI.WebControls.WebParts;
using System.Web.UI.HtmlControls;
using System.Collections;
using System.Security.Cryptography.X509Certificates;
using System.IO;
using System.Text;
using System.Security.Principal;

public partial class _Default6 : System.Web.UI.Page
{
    protected void Page_Load(object sender, EventArgs e)
    {
    }
    protected void Button1_Click2(object sender, EventArgs e)
    {
        WindowsIdentity myID = WindowsIdentity.GetCurrent();

        tbRole1.Text= myID.Name;
        tbRole2.Text= myID.AuthenticationType;

        WindowsPrincipal myPrin = new WindowsPrincipal(myID);

        if (myPrin.IsInRole(WindowsBuiltInRole.Administrator))
            tbRole3.Text="You're an Administrator ";
        else
            tbRole3.Text="You're not an Administrator";
    }
}