I am using Windows Authentication in my VB/ASP.NET Intranet Web Application.
How do I create a method that will release the authentication Token, so the
user will no longer have access to any of the resources on the site?
Thanks
StuartI don't think you can disable the "Token" on the fly. To dynamically
control access, store those who are allowed in a table and those who are not
allowed in another table - or separate views of the same table - or an
array or arraylist and use something like this:
foreach(string user in BannedUsers)
{
if (user == User.Identity.Name)
{
throw new Exception ("You are not authorized");
}
}
You could do a PrincipalPermission.Demand() on the user against a list of
users, but I don't think it buys you much in this case. The concept there
is you create a PermissionPrincipal:
bool allowed = false;
foreach(string user in AllowedUsers)
{
try
{
PrincipalPermission pp = new PrincipalPermission(null, user);
pp.Demand();
allowed = true;
}
catch(Exception ex)
{
}
}
if (!allowed)
throw new Exception ("You're not allowed here!");
Hope this helps
Dale
If the
"Stuart Shay" <sshay@.j51.com> wrote in message
news:#JedPU3bEHA.216@.TK2MSFTNGP10.phx.gbl...
> Hello All:
>
> I am using Windows Authentication in my VB/ASP.NET Intranet Web
Application.
>
> How do I create a method that will release the authentication Token, so
the
> user will no longer have access to any of the resources on the site?
>
> Thanks
> Stuart
>
>
0 comments:
Post a Comment