Using Programmatic Authorization to Determine Who Is Attempting to Access Your Site

Using Programmatic Authorization to Determine Who Is Attempting to Access Your Site

Once a user is authenticated, we will need to find out who that person is. In a real world example, code like this could be used for everything from personalization to authentication of specific files. The setup for this sample is as follows (see Listing 15.6):

• Anonymous access is disabled in IIS, Integrated Windows Authentication is enabled.

• The default authentication mode, Windows, is set in the web.config file.

• The authorization settings are not restrictive .

Listing 15.6 default.aspx (Complete)

 <%@ Page language="c#" Codebehind="default.aspx.cs" AutoEventWireup="false" Inherits="Chapter15.WebForm1" %> <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" > <HTML>  <HEAD>   <title>Authorization Sample Listing 15.6</title>   <meta name="GENERATOR" Content="Microsoft Visual Studio 7.0">   <meta name="CODE_LANGUAGE" Content="C#">   <meta name="vs_defaultClientScript" content="JavaScript">   <meta name="vs_targetSchema" [ic:ccc]content="http://schemas.microsoft.com/intellisense/ie5">  </HEAD>  <body MS_POSITIONING="GridLayout">   <%if(User.Identity.IsAuthenticated){ %>   <table>    <tr>     <td colspan="2">      Welcome,      <%=User.Identity.Name%>     </td>    </tr>    <tr>     <td>      Your IP Address:     </td>     <td>      <%=Request.UserHostAddress%>     </td>    </tr>   </table>   <%} %>   <form id="Form1" method="post" runat="server">   </form>  </body> </HTML> 

Using the code in Listing 15.6, we can determine who is visiting the site. This information can be used throughout the application to verify credentials through the implicit Principal class, or in this case the User class, created when the user was authenticated. From the Principal class, we will be able to derive the Identity class containing all pertinent user information.