This tutorial starts with a look at how the Roles framework associates a user's roles with his security context.
If you want the cookie to be passed to all subdomains you need to customize the exists is because many user agents do not permit cookies larger than 4,096 bytes.
So this cap is meant to reduce the likelihood of exceeding this size limitation.
Following that, we will look at using declarative and programmatic means for altering the data displayed and the functionality offered by an ASP.
Or we could dictate that only users Tito and Bob were allowed, or indicate that all authenticated users except for Sam were permitted.
Figure 4: Only Users in the Administrators Role Can View the Protected Pages
Log off and then log in as a user that is in the Administrators role. Now you should be able to view the three protected pages.
If the user's browser does not support cookies, or if their cookies are deleted or lost, somehow, it's no big deal – the
Note: Microsoft's Patterns & Practices group discourages using persistent role cache cookies. Since possession of the role cache cookie is sufficient to prove role membership, if a hacker can somehow gain access to a valid user's cookie he can impersonate that user.
Following that, we will explore programmatic techniques.
Delete User(User Name) ' Revert the grid's Edit Index to -1 and rebind the data User Grid.
Before we can look at applying fine grain authorization rules, however, we first need to create a page whose functionality depends on the role of the user visiting it.
Edit Index = -1 Bind User Grid() End Sub
Note: The Delete button does not require any sort of confirmation from the user before deleting the user account.
Anyone could visit this page, but only authenticated users could view the files' contents and only Tito could delete the files.
Applying authorization rules on a user-by-user basis can grow into a bookkeeping nightmare. A more maintainable approach is to use role-based authorization. The good news is that the tools at our disposal for applying authorization rules work equally well with roles as they do for user accounts.