How to enable role management using federation?

  • Question

  • User-1490494432 posted

    Hello,

    My goal is to use role access defined in the sitemap but with federation authentication.

    I have implemented the following solution to add a role claim based on the user Group.

    Here is my custom transformation:

    using System;
    using System.Collections.Generic;
    using System.Linq;
    using System.Text;
    using System.Threading.Tasks;
    using System.Security.Principal;
    using System.Security.Claims;
    
    namespace MyClaimsTransformationModule
    {
        public class ClaimsTransformationModule : ClaimsAuthenticationManager
        {
            public override ClaimsPrincipal Authenticate(string resourceName, ClaimsPrincipal incomingPrincipal)
            {
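                bool isAdmin = false;
    
                // Only transform principals that have already been authenticated.
                if (incomingPrincipal != null && incomingPrincipal.Identity.IsAuthenticated == true)
                {
                    foreach (Claim claim in incomingPrincipal.Claims)
                    {
                        // Map the federated Group claim to the application's Admin role.
                        if (claim.Type == "http://schemas.xmlsoap.org/claims/Group" && claim.Value == "net\\!VAL ADMIN")
                        {
                            ((ClaimsIdentity)incomingPrincipal.Identity).AddClaim(new Claim(ClaimTypes.Role, "Admin"));
                            isAdmin = true;
                            // Stop enumerating: the claims collection has just been modified.
                            break;
                        }
                    }
    
                    // Every other authenticated caller gets the User role.
                    if (!isAdmin)
                    {
                        ((ClaimsIdentity)incomingPrincipal.Identity).AddClaim(new Claim(ClaimTypes.Role, "User"));
                    }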
                }
    
                return incomingPrincipal;
            }
        }
    }

    And I can see the Admin/User role claim displayed in my default page based on the group I set in the if condition.

    Now I don't know how to link role claims to the roles defined in the sitemap and make things work.

    I want, for example, to enable both the Admin and User roles in the default page:

    <siteMapNode title="Settings" url="Default.aspx" description="Manage advanced CODA settings" roles="Admin,User">

    Do you think that it's possible?

    Friday, December 12, 2014 6:22 AM

Answers

  • User-1490494432 posted

    I finally found the issue.

    It was the namespace that was added to my XmlSiteMapDefaultProvider class when I created it.

    So I updated the provider type in the web config by adding the namespace, and now it works like a charm, with the sitemap handled like I want.

    <siteMap enabled ="true" defaultProvider="XmlSiteMapDefaultProvider">
      <providers>
        <add name="XmlSiteMapDefaultProvider" type="namespace.XmlSiteMapDefaultProvider" siteMapFile="Web.sitemap" securityTrimmingEnabled="true" />
      </providers>
    </siteMap>

    Thanks all for your help

    • Marked as answer by Anonymous Thursday, October 7, 2021 12:00 AM
    Tuesday, December 16, 2014 10:46 AM
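
The body of the XmlSiteMapDefaultProvider class is not shown in the thread. As an added example (not the poster's code), a provider of that name could trim sitemap nodes against the role claims set by the ClaimsAuthenticationManager as follows; the namespace `MySite.Navigation` is hypothetical, and the `type` attribute in web.config must carry the namespace-qualified name.

```csharp
using System;
using System.Security.Principal;
using System.Web;

// Hypothetical namespace. In web.config the provider is then registered as
// type="MySite.Navigation.XmlSiteMapDefaultProvider".
namespace MySite.Navigation
{
    public class XmlSiteMapDefaultProvider : XmlSiteMapProvider
    {
        public override bool IsAccessibleToUser(HttpContext context, SiteMapNode node)
        {
            if (context == null) throw new ArgumentNullException("context");
            if (node == null) throw new ArgumentNullException("node");

            // With securityTrimmingEnabled="false" every node is shown.
            if (!SecurityTrimmingEnabled) return true;

            // Nodes without a roles attribute: defer to the built-in checks.
            if (node.Roles == null || node.Roles.Count == 0)
                return base.IsAccessibleToUser(context, node);

            // Role-restricted nodes are never shown to unauthenticated callers.
            IPrincipal user = context.User;
            if (user == null || user.Identity == null || !user.Identity.IsAuthenticated)
                return false;

            // roles="Admin,User" arrives as a list of names. For a ClaimsPrincipal,
            // IsInRole matches them against the identity's role claims
            // (ClaimTypes.Role by default), i.e. the claims added in Authenticate().
            foreach (string role in node.Roles)
            {
                string name = role.Trim();
                if (name == "*" || user.IsInRole(name)) return true;
            }
            return false;
        }
    }
}
```

Security trimming only filters which nodes the navigation controls render; access to the page URLs themselves is still decided by the `<authorization>` rules in web.config.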

All replies

  • User-1151753377 posted

    Hi

    Welcome to the ASP.NET forum.

    Yes, I think it is possible to set two roles for a page.

    Something like this in the web.config file:

    <allow roles="Admin,User"/>

    For more information, please refer to the links below; I hope they will give you some ideas.

    http://forums.asp.net/t/1177624.aspx?Roles+SiteMap

    http://msdn.microsoft.com/en-us/library/ms178428(v=vs.100).aspx


    Other information about Federated security.

    http://world.episerver.com/documentation/Items/Developers-Guide/EPiServer-CMS/75/Security/federated-security/

    Best Regards,

    Summer

    Sunday, December 14, 2014 9:29 PM
  • User-1490494432 posted

    I have added the site map provider and the allowed roles:

      <system.web>    
        <httpRuntime requestValidationMode="2.0" />
        <authorization>
          <deny users="?" />
          <allow roles="Admin,User" />
        </authorization>
        <authentication mode="None" />
        <customErrors mode="Off" />
        <compilation debug="true" targetFramework="4.5" />
        <pages controlRenderingCompatibilityVersion="4.5" />    
        <siteMap defaultProvider="XmlSiteMapProvider" enabled="true">
          <providers>            
            <add name="XmlSiteMapProvider" 
                description="SiteMap provider which reads in .sitemap XML files."
                type="System.Web.XmlSiteMapProvider, System.Web, Version=2.0.3600.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
                siteMapFile="web.sitemap"
                securityTrimmingEnabled="true"/>
          </providers>
        </siteMap>
      </system.web>

    But now I need to update the current user role from the role claim.

    How can I do that?

    Monday, December 15, 2014 11:18 AM
  • User-1151753377 posted

    Hi

    Please try the Membership.UpdateUser method.

    http://msdn.microsoft.com/en-us/library/system.web.security.membership.updateuser(v=vs.110).aspx

    For other information, please refer to the link below; I hope it is helpful for you.

    http://www.asp.net/web-forms/overview/older-versions-security/roles/assigning-roles-to-users-cs

    Summer

    Tuesday, December 16, 2014 3:11 AM
  • User-1490494432 posted

    Roles are based on a membership table that I don't have and that I don't want to set up.

    I want to set the current user role dynamically based on the Group claims I get, and then allow page access based on the sitemap and roles.

    It seems that I can't use roles without setting up a membership table to store user details.

    Tuesday, December 16, 2014 4:54 AM
  • User-1490494432 posted

    I did some checks and my claimsPrincipal has the role Admin or User based on the Group claim I check in my Authenticate().

    So in the Page_Load() of my default page, claimsPrincipal.IsInRole("Admin") returns true when I set a Group that I own.

    But the sitemap is not handled.

    I found this post that handles the subject, but now I get another error:
    Could not load type 'XmlSiteMapDefaultProvider'

    I have added the class in my project and added the Sitemap node in the web config:

    <siteMap enabled ="true" defaultProvider="XmlSiteMapDefaultProvider">
      <providers>
        <add name="XmlSiteMapDefaultProvider" type="XmlSiteMapDefaultProvider" siteMapFile="Web.sitemap" securityTrimmingEnabled="true" />
      </providers>
    </siteMap>

    Did I miss something somewhere?

    Tuesday, December 16, 2014 10:06 AM