You need to modify the CheckAccess functions in Authorization to loop
through the username and all the groupnames the user is part of. That way,
it will apply role-based security. Something like this:
    ArrayList userGroups = GetUserGroups(userName);
    AceCollection acl = DeserializeAcl(secDesc);
    foreach(AceStruct ace in acl)
    {
        foreach(string principalName in userGroups)
        {
            // First check to see if the user or group has an access control
            // entry for the item
            if (0 == String.Compare(principalName, ace.PrincipalName, true,
                CultureInfo.CurrentCulture))
            {
                etc.
                etc.
--
Cheers,
'(' Jeff A. Stucker
\
Business Intelligence
www.criadvantage.com

"Will" <wlansing@rlcarriers.com> wrote in message
news:1110232152.683072.256120@g14g2000cwa.googlegroups.com...
> I have made some decent progress on switching RS to use form based
> authentication. Currently the application validates the user against
> an Oracle database, then accepts the cookie created by the page and
> then converts the cookie into a principal object which is used for the
> authorization portion of the process. I have this working as long as
> the user is an Admin, but I have a problem if they are not. When the
> subroutine goes into the authorization portion of code for a non-admin
> user, it calls an ACL. By looking at the code as it runs it would seem
> that the ACL is empty, how can I modify this to add policies for users
> or groups? Is the ACL an actual object that I can open and edit, sorry
> I am new to most of all of this.
>
> Thanks
>
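
Added example, not part of the original posts: a self-contained version of the user-plus-groups ACL check sketched in the reply above. Ace and Operation are stand-in types for the extension's AceStruct and catalog operations, GetUserGroups reads a constructed in-memory table, and the comparison is ordinal rather than the CurrentCulture comparison in the post, so matching does not depend on the server's locale.

```csharp
using System;
using System.Collections.Generic;

// Stand-in types (assumptions): the real extension uses AceCollection/AceStruct
// deserialized from the item's security descriptor.
enum Operation { ReadProperties, ExecuteReport }

sealed class Ace
{
    public string PrincipalName;
    public Operation[] Operations;
}

static class Authorization
{
    // Constructed membership data; a real GetUserGroups would query the user store.
    static readonly Dictionary<string, string[]> Groups =
        new Dictionary<string, string[]>(StringComparer.OrdinalIgnoreCase)
        { { "alice", new[] { "Dispatch", "Finance" } }, { "bob", new[] { "Dispatch" } } };

    // The user name itself plus every group the user belongs to.
    static List<string> GetUserGroups(string userName)
    {
        var principals = new List<string> { userName };
        if (Groups.TryGetValue(userName, out var groups)) principals.AddRange(groups);
        return principals;
    }

    public static bool CheckAccess(string userName, IEnumerable<Ace> acl, Operation required)
    {
        if (string.IsNullOrEmpty(userName) || acl == null) return false;
        var principals = GetUserGroups(userName);
        foreach (var ace in acl)
            foreach (var principal in principals)
                // Ordinal comparison: matching must not vary with the server culture.
                if (string.Equals(principal, ace.PrincipalName, StringComparison.OrdinalIgnoreCase)
                    && ace.Operations != null && Array.IndexOf(ace.Operations, required) >= 0)
                    return true;
        return false; // empty ACL or no matching entry: deny by default
    }

    static void Main()
    {
        var acl = new[] { new Ace { PrincipalName = "Finance", Operations = new[] { Operation.ExecuteReport } } };
        Console.WriteLine(CheckAccess("alice", acl, Operation.ExecuteReport));
        Console.WriteLine(CheckAccess("bob", acl, Operation.ExecuteReport));
        Console.WriteLine(CheckAccess("bob", new Ace[0], Operation.ExecuteReport));
    }
}
```

Only the first call is granted, through the Finance group entry; a user with no matching entry and any user checked against an empty ACL are both denied.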