Alik Levin's

Clarity, Technology, and Solving Problems | PracticeThis.com

IsInRole Authorization in ASP.NET Application Configured for Federated Authentication Using Windows Identity Foundation (WIF) and Azure AppFabric Access Control Service


To implement role-based access control using IsInRole in an ASP.NET web application that is configured for federated authentication using Windows Identity Foundation (WIF) and Azure AppFabric Access Control Service (ACS), follow the steps outlined in this post.

Summary of steps

  • Step 1 – Configure role claims in ACS
  • Step 2 – Implement access checks
  • Step 3 – Test your work

Step 1 – Configure role claims in ACS

To configure role claims in ACS follow these steps:

  • Navigate to the Access Control Service management portal.
  • Click on Relying Party.
  • Choose your application.
  • Choose the desired Rule Group and make sure it is checked.
  • Add a new rule.
  • Specify http://schemas.microsoft.com/ws/2008/06/identity/claims/role as the output type.
  • Specify User as the role name.
  • Click the Save button.

You have just configured every token to have the role User. Your rule might be more complex, as the Rule Group and Rules Editor permit.

Step 2 – Implement access checks

In your application you can use one of four methods to check the role. One is URL authorization in web.config; the three others might look as follows:

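using System;
using System.Security;
using System.Security.Permissions;

public partial class _default : System.Web.UI.Page
{
    // Declarative demand: throws a SecurityException before Page_Load runs
    // if the current principal is not in the User role.
    [PrincipalPermission(SecurityAction.Demand, Role = "User")]
    protected void Page_Load(object sender, EventArgs e)
    {
        // Imperative demand: throws a SecurityException if the current
        // principal is not in the User role (null means any user name).
        PrincipalPermission p = new PrincipalPermission(null, "User");
        p.Demand();

        // Explicit check: IsInRole returns a bool, so the denial is raised here.
        if (!User.IsInRole("User"))
            throw new SecurityException("Access is denied.");
    }
}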
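
The following console program is an added example, not part of the original post or its sample download. It shows why the output claim type from Step 1 matters to the IsInRole check in Step 2. It assumes the System.Security.Claims types (.NET 4.5 and later) rather than the WIF 1.0 Microsoft.IdentityModel assembly; the class name, user name, and the http://example.test claim type are constructed for illustration.

```csharp
using System;
using System.Security;
using System.Security.Claims;

static class RoleClaimDemo
{
    // Output claim type entered in Step 1 (the same string as ClaimTypes.Role).
    const string RoleClaimType =
        "http://schemas.microsoft.com/ws/2008/06/identity/claims/role";

    // Builds a principal from one constructed claim, standing in for the
    // principal that would be created from a validated ACS token.
    static ClaimsPrincipal BuildPrincipal(string claimType, string claimValue)
    {
        var claims = new[]
        {
            new Claim(ClaimTypes.Name, "sample-user"),   // constructed value
            new Claim(claimType, claimValue)
        };
        // roleType tells IsInRole which claim type to treat as a role.
        var identity = new ClaimsIdentity(claims, "Federation",
                                          ClaimTypes.Name, RoleClaimType);
        return new ClaimsPrincipal(identity);
    }

    // Same check as the IsInRole branch in Page_Load above.
    static void DemandUserRole(ClaimsPrincipal user)
    {
        if (!user.IsInRole("User"))
            throw new SecurityException("Access is denied.");
    }

    static void Main()
    {
        var cases = new (string Label, ClaimsPrincipal Principal)[]
        {
            ("role claim 'User'", BuildPrincipal(RoleClaimType, "User")),
            ("role claim 'user' (different case)",
                BuildPrincipal(RoleClaimType, "user")),
            ("'User' under a non-role claim type",
                BuildPrincipal("http://example.test/claims/group", "User"))
        };
        foreach (var (label, principal) in cases)
        {
            try { DemandUserRole(principal); Console.WriteLine(label + ": allowed"); }
            catch (SecurityException) { Console.WriteLine(label + ": denied"); }
        }
    }
}
```

Only the first principal passes the check: the role value is compared case-sensitively, and a claim issued under any other claim type is not treated as a role.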

 

 

Step 3 – Test your work

Run your code – it should just work, if not – let me know.

Download sample code here.


Attachment: WebIsInRoleACS.zip