asp.net - Assign Role to Anonymous session -


our site uses asp role , membership provider system forms authentication. have organized our files folders enforce authorization list via folder web.config document (eg: must have admin role access pages in ~/admin folder) , not allow anonymous (not logged in) access except in site root. site hosted on iis7.5 .net 4.0 bindings , scriptmaps.

stakeholders asking allow pins authenticate specific usecases, user not yet have credentials, has recieved letter pin.

we wrote stack validate pins authentication, don't have way tell membership/role api logged in user, since bypassing our sso using pin.

i need find way assign role temporarily anonymous session when operator presents valid pin, can make use of pages in folders not otherwise allow anonymous access.

i've seen indications can tie profile info anonymous user i've been unable find info assigning user (session really) role.

does have ideas assigning role anonymous user can navigate past authorization lists requiring specific role?

try extending claimsauthenticationmanager. can override authenticate. should allow treat treat pin users authenticated, , allow assign roles.

public class claimstransformer : claimsauthenticationmanager {     public override claimsprincipal authenticate(string resourcename, claimsprincipal incomingprincipal)     {...

you can activate extended claimsauthenticationmanager in global.asax.cs (or .vb). example asp.net mvc application. (you didn't mention whether using mvc or webforms.)

public class mvcapplication : system.web.httpapplication {      ...      protected void application_postauthenticaterequest()     {         var principal = claimsprincipal.current;         var transformer = new claimstransformer();          var newprincipal = transformer.authenticate(string.empty, principal);          thread.currentprincipal = newprincipal;         httpcontext.current.user = newprincipal;     } }

Comments

Post a Comment

Popular posts from this blog

php - SPIP: From Tag directly to an article -

i work spip , plugin called tagsphere works fine tags in spip. have tag groupe put 1 article tag. when click on tag in tagsphere send me before menu can see articles linked tag. want send me directly article without see tag menu before. here code model of thagsphere: <div id="tagsphere-#env{id_article}"> <ul> <boucle_mot(mots){id_groupe ?}> <li>[<a href="#url_mot">(#titre)</a>]</li> </boucle_mot> </ul> </div> anybody idea? if want skip tag page, have link directly article. <b_article> block prevents display tag if no article linked. <div id="tagsphere-#env{id_article}"> <ul> <boucle_mot(mots){id_groupe ?}> <b_article> <li> <a<boucle_article(articles){...
Read more

jquery - isAjaxRequest always return false -

i got error message 404,'model has not been saved' following code my action controller public function actionextend($id) { $model=$this->loadmodel($id); if(yii::app()->request->isajaxrequest) { $model->todate = date('y-m-d h:i:s a',(strtotime('next month',strtotime(date('y-01-d'))))); if($model->save()) { yii::app()->end(); } else { throw new chttpexception(404,'model has not been saved'); } } } the jquery call $("#buttonextend<?php echo $this->post_row;?>").click(function(e){ $.ajax({ type: "post", url: "<?php echo yii::app()->createurl('post/extend', array('id' => $data['id'])); ?>", }); }); why not ajax call ? thank help i found response, missed } , function ...
Read more

ruby on rails - In a controller spec, how to find a specific tag in the generated view? -

i know integration tests preferred need ran in controller test, i'm testing gem injecting html code in view, xhr can't run in feature spec (if can, please explain me how :) ) so rspec controller tests can assert selector present (with capybara) : response.body.should have_selector('#foobar') has_selector? call all method capybara find selector. what want last child of body , assert id in particular. afaik it's not possible have_selector. what : all('body:first-child').first.id.should == '#foobar' however, capybara dsl, defined (more or less): def all(*args) page.all(*args) end and page empty unless use visit it's integrations specs. how can use capybara all method inside rspec controller test ? i can't test right after googling seems trick def page capybara::node::simple.new(response.body) end source
Read more