PortSight Secure Access Documentation

Role-Based Authorization

 

Role-based authorization is very similar to the authorization based on membership. The only difference is that you need to create an application (such as "WorkReports") and define a role within this application. The role is always associated with particular application and its alias consists of the application alias and role alias (such as "WorkReports.Administrator").

  1. Open your project with Secure Access authentication implemented. Add a new page called CheckRole.aspx.

  2. Add following lines at the beginning of the page code-behind, so that you can use Secure Access libraries in this page.

    [Visual Basic]
    
    Imports PortSight.SecureAccess.ARDataServices
    Imports PortSight.SecureAccess.ARObjects
    


    [C#]
    
    using PortSight.SecureAccess.ARDataServices;
    using PortSight.SecureAccess.ARObjects;			
  3. Put a new label on it and name it Label1. Change its text to "Label containing sensitive information."

  4. Open the code-behind of this page and add following lines to the Page_Load event:

    [Visual Basic]
    
    Private Sub Page_Load(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles MyBase.Load
        Dim ticket As ARUserTicket = CType(Session("ARUserTicket"), ARUserTicket)
    
        If ticket.IsMemberAll("WorkReports.WorkReportManager") Then
            Label1.Visible = True
        Else
            Label1.Visible = False
        End If
    End Sub
    
    
    [C#]
    
    private void Page_Load(object sender, System.EventArgs e)
    {
    	ARUserTicket ticket = (ARUserTicket) Session["ARUserTicket"];
    
    	if (ticket.IsMemberAll("WorkReports.WorkReportManager"))
    	{
    		Label1.Visible = true;
    	}
    	else
    	{
    		Label1.Visible = false;
    	}        
    }							

    What you did:

    You created a new page that will display a message if user is member of particular role.

    You used user ticket that is created when the user logs on and stored in the session variable. This scenario is useful for repeating tasks, since the membership and other information are cached in this user ticket and you needn't connect to the database for every request. If you still don't want to use the session variables you can execute ARHelper.IsMemberAll or ARUser.IsMemberAll methods instead - see ARObjects classes documentation to find more information.

  5. Open the Secure Access user interface. Define a new application called "Work Reports" with alias "WorkReports". Create a new role under this application called "Work Report Manager" with alias "WorkReportManager". Add your testing user as a member of this role.


    Creating a new role

    Creating a new role

  6. Compile and run your application. Log on and navigate to the CheckRole.aspx page. You should see the text saying "Label containing sensitive information."