AceCollection

I have made some decent progress on switching RS to use form based
authentication. Currently the application validates the user against
are Oracle database, then accepts the cookie created by the page and
then converts the cookie into a principal object which is used for the
authorization portion of the process. I have this working as long as
the user is an Admin, but I have a problem if they are not. When the
subroutine goes into the authorization portion of code for a non-admin
user, it calls an ACL. By looking at the code as it runs it would seem
that the ACL is empty, how can I modify this to add policies for users
or groups? Is the ACL an actual object that I can open an edit, sorry
I am new to most of all of this.
ThanksYou need to modify the CheckAccess functions in Authrorization to loop
through the username and all the groupnames the user is part of. That way,
it will apply role-based security. Something like this:
ArrayList userGroups = GetUserGroups(userName);
AceCollection acl = DeserializeAcl(secDesc);
foreach(AceStruct ace in acl)
{
foreach(string principalName in userGroups)
{
// First check to see if the user or group has an access control
// entry for the item
if (0 == String.Compare(principalName, ace.PrincipalName, true,
CultureInfo.CurrentCulture))
{
etc.
etc.
--
Cheers,
'(' Jeff A. Stucker
\
Business Intelligence
www.criadvantage.com
---
"Will" <wlansing@.rlcarriers.com> wrote in message
news:1110232152.683072.256120@.g14g2000cwa.googlegroups.com...
>I have made some decent progress on switching RS to use form based
> authentication. Currently the application validates the user against
> are Oracle database, then accepts the cookie created by the page and
> then converts the cookie into a principal object which is used for the
> authorization portion of the process. I have this working as long as
> the user is an Admin, but I have a problem if they are not. When the
> subroutine goes into the authorization portion of code for a non-admin
> user, it calls an ACL. By looking at the code as it runs it would seem
> that the ACL is empty, how can I modify this to add policies for users
> or groups? Is the ACL an actual object that I can open an edit, sorry
> I am new to most of all of this.
> Thanks
>|||Jeff, thanks for the response. I think that I still maybe a step
behind you though, can you tell me where the information for this call
comes from. AceCollection acl = DeserializeAcl(secDesc);
When I debug though this code, the acl is always empty and therefore
never gets into the foreach loop. Am I doing something wrong? Thanks
again for your response.