How do I check whether a user is in a role when the user is not yet authenticated

My problem:  Users coming through a portal are automatically authenticated as guests, using a standard password that nobody ever sees.   However they can also register as normal users, in which chase they have their individual password which they know, and the usual functions to reset their password, handle a forgotten password, and so on.

So, in my register-from-portal code, after recognizing that this is a returning user we need to authenticate the user: but we don't know whether to use the standard portal password, or request an individual password.  I would like to write something like

          If User.IsInRole(Userid, "guest") Then ....  

but of course IsInRole has only one argument, and assumes that the user has already been authenticated.

So can somebody either tell me how to check whether a user who has not yet been authenticated is in a role, or suggest a different approach to this registration problem of which password to use.   Without guidance my approach will be to write my own SQL function looking up the relevant aspnet_... tables, but this does not seem to me to be a particularly wise approach.

Thank you, Robert.

0
Robert
2/7/2009 10:53:04 PM
asp.net.security 27051 articles. 1 followers. Follow

2 Replies
622 Views

Similar Articles

[PageSpeed] 53
Get it on Google Play
Get it on Apple App Store

Hey Robert,

Try this:

System.Web.Security.Roles.IsUserInRole("Username", "RolesName");


Mark as answer, if works!!

Subscribe to more articles by sending "Add Me!!" on gordo_matthews0207@yahoo.ca

Thanks and Regards

Alok Arora
0
alok
2/8/2009 12:18:09 AM

Thank you, I thought that there would have to be simple answer.  That worked first time.

Note to those writing the VS2008 Help:  while we may need to know about objects, methods, and inheritence, what we really want to know is how to do things.  Try finding out the answer to my query from the Help, without a deep knowledge of the object structure!  This was a very simple query, and you'd expect a lot of people to approach it from "I know how to use User.IsInRole(..), so why as there nothing there to direct me to this answer?  Not that I'm singling out IsInRole, all of the Microsoft documentation is hopeless.

Regards, Robert.

0
Robert
2/8/2009 12:55:24 AM
Reply:

Similar Artilces:

Creating User Account Without Default Security Role (Registered User Role)
  My DNN version is 3.1.1. The portal is set to Private Registration. Unauthenicated users have access to the basic pages of the site. We require my company's current customers to register and be approved to have access to all other pages that contain information restricted to them (the major part of the site). As you know, authorizing a user account applys the Registered User security role by default and this is how I control access to the customer areas.  We want to create a page that will be used by Marketing to allow potential customers by login to...

Combining non-authenticated users with authenticated users
Hi!I'm busy with "upgrading" my ASP-website's to asp.Net-website's.I've done a lot of tutorials on the net, but I still have a question. All the tutorials are about securing a whole directory (I need to use forms authentication). This means, a user is logged in and can access all files in the secured directory. When the user is not logged in, he will be forwarded to the login-page.My question is about the technique used, for example, by forums. A user that is not logged in, can read the page. But a user that is logged in, can read the page also, but has also the rights to post messages....

Login Control logs user in, but User is not authenticated, but user really is!
I am using aspnetmembershipprovider.  Everything works fine.  I slap a login control on my login page and am able to login and get to my secure folder etc.  When I try and put some code in the LoggedIn method "User.Identity.IsAuthenticated" = false, yet if I blow through that, I am logged, authenicated etc.  The documentation says that the LoggedIn event is "after the user is authenticated".  Any Ideas what is up?Thanks,TPS------------------------------------------------------Note Collaboration for your next confernce call.http://www.ConferenceCallNotes.com I am...

How to stop user on secured website if user keep the authentication cookie locally?
A secured web application only allows authenticated user. However, on the login page, there is a checkbox that allow user to keep the authenciation cookie locally. So if the checkbox checked, next time when user comes back and he will be able to pass the login page and goto the requested page directly. If I disable the user account and want to stop user's access, when and where I should check the account's status?  Should I check it at Session_Start in Global.asax file? Or check it in the masterpage? I don't like the masterpage idea, because it will access the DB ...

How to use user/password authentication/security within users' public_html folders
Hello, I have NW5.1SP5.1.5 and Netware Enterprise Web Server 3.5.3 installed. Can I provide my account owners the ability to use user/password authentication/security within their public_html folders of their home directories ? Regards. Mustafa Cagatayli: > within their public_html folders of their home > directories ? > sure, go into the admin server, click the Restrict Access link, and remove PUBLIC_HTML from the list of public directory designations. Joe Moore Novell Support Connection Volunteer Sysop http://just.fdisk-it.com - Coming soon: &q...

Manage Users For This Role / Manage Roles For This User Question
In the roles/user management pages there is a link called Manage Users For This Role and Manage Roles For This User respectively. I want non Admins to be able to see these pages, and currently I have it so that they can see the manage users and manage roles pages. However, when a non admin clicks on Manage Users For This Role or Manage Roles For This User link it does not display the control, just an empty page. I can get around this by giving edit rights to the page, but I do not want them to have edit rights for the page. Any ideas? Thanks  ...

Manage users and roles for users
Hi. I want to know how can i manage my users and users roles on my hosted website. I want that admin controls (when i log in as admin) allow me to change users roles and other stuff. Any1 have any guide or know any website that teach how to create a "admin.aspx" page to manage users and roles? thx Do you have the schema ready ? If yes, are you willing to change the schema ? Are you using ASP.NET 2.0 ? If yes, you can easily do this using the administration tool in ASP.NET 2.0.                 &n...

A user control to authenticate users
Hi all I have a simple user control..with two textboxes(Email and Password) and a button and two links (Forgot your password & To  register click here) ... i'm using windows forms ... when the sign in button is clicked ...i'm trying to validate user credentials against a database..if valid..i instantiate a new principal object ...and place it in the Context.User   string encPassword = new User().Encrypt(txtPassword.Text); MySitePrincipal newUser = MySitePrincipal.ValidateLogin( txtEmailAddress.Text, encPassword); if (newUser != null) { Context.User = newUser; Response....

Impersonate a different user than authenticated user
Can anyone explain how I would solve the following problem? The purpose of this app is to allow users access to corporate reports based on their username. The a web app that has the the integrated windows authentication selected at the IIS security level. I am able to retrieve the username using "Page.User.Identity.Name" to verify from an SQL database what group of reports a user is able to see. The reports are located in a network directory that I do not want to add "everyone" to the directory security in order for the application to retrieve the report. This woul...

Get User Groups of an Authenticated User
I am currently running applications in an Intranet Environment which only authenticated users are allowed to access. I was wondering if anyone new of a way to get the User Groups of the authenticated user, without having to have them type in the login information of username, pass, and domain. The current method I'm using to get the user group information using a Directory Entry and Directory Searcher Object require Username, Password, and Domain to be entered. My Code: Dim domainAndUsername As String = "domain\username" Dim entry As DirectoryEntry = New...

How to change roles for users and make users
How can I change roles for users and make users. Local can I do this with asp.net configuration tool.But the site will be on an hosting and I can't access asp.net configuration tool. Isn't it possible to access asp.net configuration tool online?Like most websites http://mywebsite.com/admin for example. Who can help me! I had the exact same problem so I wrote a special objectdatasource which is currently published in MSDN.  You can download the code on my blog. http://peterkellner.net  Peter Kellnerhttp://73rdstreet.com and blogging athttp://PeterKellner.netMVP, ASP.NET...

Problem : Get a list of user belonged to a role or to know if a user already has a role
What code can I write to know if a user belonged to a Role already ? and How can I get a list of a  user already in an existing role ? Please have a look at my code below : Protected Sub AddUsers_OnClick(ByVal sender As Object, ByVal e As System.EventArgs) Handles btnAddUsersToRole.Click' I wanna add some code here to check if a user already belonged to a Role' Please insert your code here. Thanks a lot. ' A role must be selected If RolesListBox.SelectedItem Is Nothing Then Msg.Text = "Please select a role." Exit Sub End If ...

Validating a user and authenticating a user with Oracle
I am trying to get my arms around the providers and how to best use the login controls in asp.net 2.0 with Oracle. First, I have read through a number of documents discussing the provider model, different providers (membership, role, etc.) ref: ASP.NET 2.0 Provider Model:Introduction to the Provider Model Oct. 2005 I am getting a mental disconnect from what I think I understand about the provider model and how to code the web application.To me it seems the provider model abstracts the code so I am not coupled to a specific database. This is great if you need to use multiple or di...

Mobilink User vs Authentication User
Can the Authentication user be different from ml_user ? Here is the scenario I am trying to understand. user A has 10 devices. A's password is stored in custom user_table. authentication done using custom authentication providing username/password. If authentication successful, the ml_user is added with the username I provided. Now how would the ml_user be unique in this scenario with the same user using 10 devices. Is there a get around for this ? what I am looking for is user providing same login information on any device, but make th...

Web resources about - How do I check whether a user is in a role when the user is not yet authenticated - asp.net.security

Authenticated encryption - Wikipedia, the free encyclopedia
Authenticated Encryption ( AE ) or Authenticated Encryption with Associated Data ( AEAD ) is a block cipher mode of operation which simultaneously ...

Google Spam Report (Authenticated) - Flickr - Photo Sharing!
When you are logged into Google Webmaster Central, you can report any site that is spamming the SERPs through this tool. Post at Does Google ...

Authenticated electricity: Sony power outlets will charge you for charging
Sony is building a new kind of power outlet that raises a not entirely pleasant prospect—in the future, plugging a phone into a public wall socket ...

MLB Authenticated Game-Used Base Bar Stool
Like. From The Green Head: "If you love America's favorite pastime, now you can sit on an actual piece of it. These unique collectible bar stools ...

C-SPAN Moving to Authenticated TV Ch. Streaming
C-SPAN is launching a beta test of its migration of live online feeds of its TV channels—C-SPAN 1,2,3—to an authentication model starting Monday, ...

FDA "Corruption" Letter Authenticated: Lawyers, Start Your Engines!
The FDA's official recognition of the letter means that lawyers who want to use it to demonstrate that the FDA isn't perfect won't have to go ...

Buddy Rich's Authenticated and Complete 1960s Zildjian Cymbal Set Available on eBay for $29,995
Buddy Rich's complete 1960s Zildjian cymbal set is available for purchase on eBay. In the massive world of the Internet, anything is apparently ...

FileVault's authenticated restart has hardware requirements
If you use FileVault and wish to restart remotely, you can do so with the 'fdesetup' command; however, this does have some hardware limitations. ...

BREAKING: Michael Brown Audio Aired By CNN Authenticated
Video messaging service Glide has confirmed to the Washington Post the exact time and date the audio recording with gunshot sounds on it was ...

Sheriff: Brenham vet can't be charged with killing cat unless Facebook photo is authenticated
As a team investigated the image, the clinic where Kristen Lindsey worked said Friday that she'd been fired and condemned her post "in the strongest ...

Resources last updated: 11/24/2015 11:42:10 PM