.NET Tutorials, Forums, Interview Questions And Answers
Welcome :Guest
Sign In
Win Surprise Gifts!!!

Top 5 Contributors of the Month
Gaurav Pal
Post New Web Links

how to implement Roles Authentication?

Posted By:      Posted Date: September 15, 2010    Points: 0   Category :Windows Application
We are creating a Desktop Application in Visual Studio 2008 C# .NET 3.5, using Windows Forms.  We need to implement Roles Based Security; i.e., the User Login will be associated to a Role (Administrator, Supervisor, Limited, etc) and the Forms available to each User will be limited based on their Role (i.e., a Limited User cannot access all of the Forms that an Administrator can access). I'm only seeing support for this type of built in functionality for Web Applications (ASP.NET).  Is there such a thing for a Windows Forms Desktop Application?  We are using SQL Server 2008 to store the User data. If there is no built-in support, can you suggest the best way to implement Role Based Security in a Windows Forms Application? Thank You!

View Complete Post

More Related Resource Links

ASP.NET forms authentication with roles

.A timeout is specified in minutes. This is "time since last request" not the "time since login". If a login is indicated to be persistent (described later) this is ignored.
.A protection method is specified for the cookie.
Next I wanted to specify a folder to which access is restricted to people who have logged in. To do this I entered the following code in the web.config file (beneath

Best way to implement authentication and authorization for a sharepoint 2010 website.

Hi I come across different authentication methods in Sharepoint 2010. The sharepoint website we are develpoing as of now is Intranet. Later we are planning to move it to Internet(Public) site. What will be the best way to implement authentication and authorization for our website. If windows authentication(Classic mode authentication) is default for a sharepoint website (2010) , I have a few questions ragarding windows authentication. 1) In case of windows authentication, where should we maintain  users? 2) In case of windows authentication, how are the users created? 3) In case of windows authentication, how can I perform authorization.   If we want to use FBA(Form based authentication) in sharepoint 2010, I have a few questions ragarding FBA in sharepoint 2010. 1) In case of FBA(using Claim based authentication) , if we want to use custom database(where we are storing user details and  roles) rather than bulitin SQL membership  provider, how can we achieve this? Can anyone provide some useful resources to implement authentication(Windows or FBA or dual) and authorization for a sharepoint 2010 website with sample code? Please reply ASAP. Thanks & Regards Mahendra Babu

Windows authentication & Roles within multiple Active Directories



I am struggling to set up a web site which sits in multiple domains.

I have two AD domains - Main and Secondary.

My site is configured as below.


<authentication mode="Windows"/>
  <identity impersonate="false"/>
  <roleManager enabled="true" defaultProvider="AspNetWindowsTokenRoleProvider"/>
   <allow users="*"/>
   <deny users="?"/>


<location path="Default.aspx">
    <allow roles="Secondary\All Staff,Main\Site-Editor"/>
    <deny users="?"/>
    <deny users="*"/>

<location path="Edit.aspx">
    <allow roles="Main\Site-Editor"/>
    <deny users="?"/>

How to implement Context based Authentication/Authorization?



We all aware of Role based security in ASP.NET. Above to that, I want to apply some business rules for authorization. These business rules are subjected to change dynamically.
Ex: Print option is available between 9am To 12pm, for Adminstrators.

I can control access to print option available for only for Administrators using Role-based authrozation. But here "9 am - 12pm" rule is my business context.

Need authorize the use action based on this context.
My target is to implement this without changing in Code - rebuild and deploy the DLLs.

I heard a copncept of XACML (eXtensible Access Control Markup Language). Seems this approch cann address my requirement.

I am using ASP.NET 4.0, SQL Server 2008, IIS 7, Windows 2008 Server.

Please provide the below information...
1. Is this approch supported by Microsoft?
2. Is there any open source implementaitons in .NET?
3. How Windows Identity Foundation relates to this?

Please share, if there is any work-around for Context based Authorization in .NET.
Thank you in Advance.


Implement both Forms and Windows Authentication


I have two web sites that will be hitting the same reporting services instance.  One is external facing (internet), the other intranet.  The external site is unable to use windows authentication because some of the devices to not support the challenge popup to enter their credentials (think: blackberry without enterprise server).  The other site is just normal windows machines who can pass their credentials normally.  From the research I have found it sounds like [for the external site] I have to have a form that collects their credentials, authenticates (via LogonUser) and they can go on their merry way.  I do not want to do this step for the internal site - I would like to rely on normal windows authentication.

The question is:  Is it possible to specify both types of authentication (custom extension and windows) on the same instance, or do I have to use 2 instances, or use forms for both?

Thank you in advance,


Trying to implement Forms-based authentication



I have a web-application that is set to windows-authentication and is created as anonymous. This is at default zone. I want to change this to forms based authentication.

I tried extending web-application and creating new zone as Extranet but it is asking me to specify the url (within load-balanced url) that should not be same as the url of the default zone url. Dont' know why. Please suggest.

But for now, I had a question. If I modify the default zone to be forms based, will it cause any problems? I am assuming that this will be default for any type of user (internal, external etc) ? Please let me know.  

Also as far as web.config changes (considering changes to default zone ),  is it fine if I modify web.config of this site plus the central admin web.config? If there are another 5 web-applications (that are totally different but reside in same farm), do I need web.config of those web-application also?


Please suggest.


Our goal is that this website (even when accessed internally) will be through form-based authentication only. So 

Explained: Forms Authentication in ASP.NET

This module explains how forms authentication works in ASP.NET version 2.0. It explains how IIS and ASP.NET authentication work together, and it explains the role and operation of the FormsAuthenticationModule class.

Using Forms Authentication in ASP.NET - Part 1

Classic ASP developers often had to "roll their own" authentication scheme, however, in ASP.NET much of the grunt work has been taken out. This article outlines how things have changed and how FormsAuthentication can be used to secure a Web site with a minimal amount of code.

ASP.NET Forms Authentication - Part 1

Often, in legacy Web applications, users authenticate themselves via a Web form. This Web form submits the user's credentials to business logic that determines their authorization level. Upon successful authentication, the application then submits a ticket in the form of a cookie, albeit a hard cookie or session variable. This ticket contains anything from just a valid session identification access token to customized personalization values.

Forms Authentication in ASP.NET

In this tutorial you will learn about Forms Authentication in ASP.NET 2.0 - Forms Authentication class, Cookie Domain, Forms Cookies, The Login Control, Signin, Signout, Authenticate, Redirect, Login Status, Login Name and Login View Controls.

how implement transformations in slideshow extender.



i am working on ajax slideshow extender.

can anybody help in coding for 

1) implement transformations between slide to slide.

2) and the direction means orientation in changing of slides.

I hope u got my querries.

please help in this regard.

thanks in advance.

how implement this code


check this link

and how can i implement on aspx page to get value on textbox


Web Matrix + Windows Authentication


I'm curious if its possible to get windows auth working with asp.net webpages/webmatrix.

I've got it published to IIS with windows auth turned on and anonymous/forms/basic turned off.

I'm guessing the WebSecurity Helper probably won't work here but can you access User.Identity.Name etc?

Sorry for the newbie questions, I've only just started working with asp.net ^^,

Problems with Forms Authentication in DD 4 site


Hello,  I am seeing a strange problem with Forms Authentication in my DD site.   A user logs into and can view/edit/delete data all day, but when they execute a Custom Filter against data (for example , a control DynamicData/Filters/CustomerLastNameSearch.ascx ) then the site auth fails, and redirects to the log in screen.

in web.config I have

     <authentication mode="Forms">
            <forms name=".Star" loginUrl="~/Login.aspx" protection="All" defaultUrl="~/Default.aspx" path="/" timeout="43200" cookieless="UseCookies" />     

Offhand, I am thinking two things : that DynamicData/Filters path requires some special handling for some reason, or the control extension ascx is causing auth to get confused.   Has anyone else experienced this or have any suggestions?  Thanks!

Hard Code Roles on the Pages


If i hard coded role=Manager on the specific SiteMap/Folder/Page/etc. I will have problem when the manager need to remove from access a specific page. I need to change the code ont eh page/SiteMap/Folder more move the file into another folder.

What i have in mind is to change the role to taks oriented. such as role=AddStock, Edit Stock, Delete Stock, Print DO, Add Sales, Edit Sales, Deleted Sales..... (but it will be many role for 1 user compare to just 1 as Manager)

Will this cause performance issues later when each user have 60 roles and if i have 20,000 user will it affect the application performance?

Otherwise any other option? to make it flexible.

Sharing authentication ticket between two applications


Hi all,

I have two web applications:

1. http://www.mysite.com - primary app running at the root of the web server

2. http://www.mysite.com/second_app - running in a virtual directory

At user authentication, I'm using FormsAuthenticationTicket to set up authentication cookies. Is it possible to share the same cookie for both the apps?

Any help would be much appreciated.

Many thanks!

Windows Authentication for IIS in Windows 7 Home Premium Edition - for ASP Websites.


How to create a virtual directory and get benefit of the IIS. Is there a workaround to accomplish this without the Windows Authentication for Windows 7 Home Premium Edition?

Thanks in advance, 

ASP.NetWindows Application  .NET Framework  C#  VB.Net  ADO.Net  
Sql Server  SharePoint  Silverlight  Others  All   

Hall of Fame    Twitter   Terms of Service    Privacy Policy    Contact Us    Archives   Tell A Friend