Implementing the XmlAuthenticate Subroutine

The XmlAuthenticate subroutine is used to identify the user requesting a page. This subroutine is also used to retrieve the list of roles associated with the user. For example, a user might be an administrator, guest, and/or supervisor.

The code for the XmlAuthenticate subroutine is contained in Listing 2.

Listing 2—XmlAuthenticate Subroutine

Private Sub XmlAuthenticate( s As Object, e As EventArgs )
 Dim application As HttpApplication 
 Dim strUserID As String 
 Dim objIdentity As GenericIdentity
 Dim objPrincipal As GenericPrincipal
 Dim arrRoles As String()

 application = CType( s, HttpApplication )
 strUserID = application.Request.Params( "XmlUserID" )
 If strUserID = Nothing Then 
  strUserID = "anonymous"
 End If
 strUserID = strUserID.ToLower()
 objIdentity = New GenericIdentity( strUserID, "XML" )
 arrRoles = GetRoles( strUserID, application )
 objPrincipal = New GenericPrincipal( objIdentity, arrRoles )
 application.Context.User = objPrincipal
End Sub

The XmlAuthenticate subroutine retrieves the user ID of the current user from the XmlUserID entry of the Params collection of the Request object. The Params collection includes form, query string, and cookie parameters. For example, passing the following XmlUserID query string to the SomePage.aspx page would identify you as user Bob:

http://localhost/SomePage.aspx?XmlUserID=Bob

After the user has been identified, a list of the roles associated with the user is retrieved from an XML file. The roles are retrieved by calling a function named GetRoles(). The GetRoles() function is contained in Listing 3.

Listing 3—GetRoles() Function

Function GetRoles( strUserID As String, application as HttpApplication ) As String()
 Dim dstUsers As DataSet
 Dim drowRoleList As DataRow()
 Dim drowRole As DataRow
 Dim colRoles As ArrayList
 Dim strFilePath As String

 dstUsers = application.Context.Cache( "XmlRoles" )
 If dstUsers Is Nothing Then
  dstUsers = New DataSet
  strFilePath = application.Server.MapPath( application.Request.ApplicationPath & "/XmlRoles.xml" )
  dstUsers.ReadXml( strFilePath )
  application.Context.Cache.Insert( "XmlRoles", dstUsers, New CacheDependency( strFilePath ) )
 End If
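 ' Double any single quote so the user ID is treated as a literal in the filter expression
 drowRoleList = dstUsers.Tables( 0 ).Select( "userID='" & strUserID.Replace( "'", "''" ) & "'" ) 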
 colRoles = New ArrayList
 For each drowRole in drowRoleList
  colRoles.Add( drowRole( "role" ).ToString() )
 Next
 Return colRoles.ToArray( GetType( String ) )
End Function

The GetRoles() function retrieves the list of roles from an XML file named XmlRoles.xml. (The contents of the XmlRoles.xml file are cached for better performance.) This file is automatically retrieved from the root directory of the current application. The XmlRoles.xml file is contained in Listing 4.

Listing 4—XmlRoles.xml File

<roles>
 <user userID="doug" role="administrators" />
 <user userID="doug" role="guests" />
 <user userID="bob" role="guests" />
</roles>

The file in Listing 4 assigns the user named doug to the administrators and guests roles. The user named bob, on the other hand, is included only in the guests role.

Notice that we are not making any attempt to verify the user with a password. If bob wants to pretend to be doug, there is nothing stopping him. In real applications, you would also want to retrieve a password from a user to prevent one user from pretending to be another.
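
One way to add the password check the last paragraph calls for, as an added example that is not part of the original article. The names XmlPasswordCheck, ResolveUserID, HashPassword and FixedTimeEquals, the in-memory credential store, and the iteration count are assumptions made for illustration.

```vb
Imports System
Imports System.Collections.Generic
Imports System.Security.Cryptography

' Added example, not from the article. Needs .NET Framework 4.7.2+ or .NET Core 2.0+.
Module XmlPasswordCheck
    Private Const Iterations As Integer = 210000 ' assumed PBKDF2 work factor
    ' Stand-in record so an unknown user costs the same work as a known one.
    Private ReadOnly DummyRecord As Byte()() = {New Byte(15) {}, New Byte(31) {}}
    ' Derive a 32-byte PBKDF2-HMAC-SHA256 hash from the password and per-user salt.
    Function HashPassword(password As String, salt As Byte()) As Byte()
        Using kdf As New Rfc2898DeriveBytes(password, salt, Iterations, HashAlgorithmName.SHA256)
            Return kdf.GetBytes(32)
        End Using
    End Function
    ' Compare every byte instead of stopping at the first difference.
    Function FixedTimeEquals(a As Byte(), b As Byte()) As Boolean
        If a.Length <> b.Length Then Return False
        Dim diff As Integer = 0
        For i As Integer = 0 To a.Length - 1
            diff = diff Or (a(i) Xor b(i))
        Next
        Return diff = 0
    End Function
    ' User ID for GenericIdentity: the claimed ID only if the password matches, else "anonymous" as in Listing 2.
    Function ResolveUserID(claimedID As String, password As String,
                           store As Dictionary(Of String, Byte()())) As String
        If String.IsNullOrEmpty(claimedID) OrElse String.IsNullOrEmpty(password) Then Return "anonymous"
        Dim id As String = claimedID.ToLowerInvariant()
        Dim record As Byte()() = Nothing
        Dim known As Boolean = store.TryGetValue(id, record)
        If Not known Then record = DummyRecord
        Dim ok As Boolean = FixedTimeEquals(HashPassword(password, record(0)), record(1))
        Return If(known AndAlso ok, id, "anonymous")
    End Function

    Sub Main()
        ' Constructed sample store (userID -> {salt, hash}); a real one is loaded from protected storage.
        Dim salt(15) As Byte
        Using rng As RandomNumberGenerator = RandomNumberGenerator.Create()
            rng.GetBytes(salt)
        End Using
        Dim store As New Dictionary(Of String, Byte()())
        store("doug") = New Byte()() {salt, HashPassword("constructed-passphrase", salt)}
        Console.WriteLine(ResolveUserID("Doug", "constructed-passphrase", store))
        Console.WriteLine(ResolveUserID("doug", "wrong", store))
        Console.WriteLine(ResolveUserID("bob", "x", store))
    End Sub
End Module
```

In the module, the result of ResolveUserID would take the place of the raw Params( "XmlUserID" ) value before GetRoles() is called, with the password read from a form field posted over HTTPS, not from the query string.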
