IsInRole Authorization in ASP.NET Application Configured for Federated Authentication Using Windows Identity Foundation (WIF) and Azure AppFabric Access Control Service

To implement role-based access control using IsInRole in an ASP.NET web application that is configured for federated authentication using Windows Identity Foundation (WIF) and Azure AppFabric Access Control Service (ACS), follow the steps outlined in this blog.

Summary of steps

  • Step 1 – Configure role claims in ACS
  • Step 2 – Implement access checks
  • Step 3 – Test your work

Step 1 – Configure role claims in ACS

To configure role claims in ACS follow these steps:

You have just configured every token to have the role User. Your rule can be more complex, as far as the Rule Group and Rules Editor permit.

Step 2 – Implement access checks

In your application you can use one of four methods to check a role. One is URL authorization in web.config; the other three might look as follows:

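using System;
using System.Security;
using System.Security.Permissions;

public partial class _default : System.Web.UI.Page
{
    // Declarative demand: throws SecurityException unless the current principal is in role "User"
    [PrincipalPermission(SecurityAction.Demand, Role = "User")]
    protected void Page_Load(object sender, EventArgs e)
    {
        // Imperative demand: throws SecurityException unless the current principal is in role "User"
        PrincipalPermission p = new PrincipalPermission(null, "User");
        p.Demand();

        // IsInRole only returns a bool, so access must be denied explicitly
        if (!User.IsInRole("User"))
            throw new SecurityException("Access is denied.");
    }
}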
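
The fourth method, URL authorization in web.config, is not shown in the code above. The fragment below is an added example, not part of the original sample code; the folder name Reports is an assumption, and the role value User is the one configured in Step 1.

```xml
<!-- Added example. "Reports" is a hypothetical folder name. -->
<configuration>
  <location path="Reports">
    <system.web>
      <authorization>
        <!-- Rules are evaluated top to bottom; the first match wins. -->
        <!-- The roles value is checked through the principal's IsInRole, -->
        <!-- so it must match the role claim value issued by ACS. -->
        <allow roles="User" />
        <!-- Required. Without this rule, a caller who is not in the role -->
        <!-- falls through to the inherited default <allow users="*" />   -->
        <!-- and is admitted anyway. -->
        <deny users="*" />
      </authorization>
    </system.web>
  </location>
</configuration>
```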

Step 3 – Test your work

Run your code. It should just work; if not, let me know.

Download sample code here.

WebIsInRoleACS.zip