'code in Dialog Form Private Sub btn Accept_Click(sender As System.
In particular, we created a page that listed the contents of the current directory.Figure 4: Only Users in the Administrators Role Can View the Protected Pages (Click to view full-size image) Log off and then log in as a user that is in the Administrators role.Now you should be able to view the three protected pages.It then examines how to apply role-based URL authorization rules. When using forms authentication, an authentication ticket is used as an identity token.Following that, we will look at using declarative and programmatic means for altering the data displayed and the functionality offered by an ASP. As we discussed in the class to determine the user's roles. Figure 2: The User's Role Information Can Be Stored in a Cookie to Improve Performance (Click to view full-size image) By default, the role cache cookie mechanism is disabled.If you have extremely long role names, you may want to consider specifying a smaller , respectively.Technically, I didn't need to specify values for these attributes since I just assigned them to their default values, but I put them here to make it explicitly clear that I am not using persistent cookies and that the cookie is both encrypted and validated. Henceforth, the Roles framework will cache the users' roles in cookies.If the user's browser does not support cookies, or if their cookies are deleted or lost, somehow, it's no big deal – the Note Microsoft's Patterns & Practices group discourages using persistent role cache cookies.Since possession of the role cache cookie is sufficient to prove role membership, if a hacker can somehow gain access to a valid user's cookie he can impersonate that user.However, in certain cases we may want to allow all users to visit a page, but limit the page's functionality based on the visiting user's roles.This may entail showing or hiding data based on the user's role, or offering additional functionality to users that belong to a particular role.