(code sharing) Restricting access to SmarterSticket and getting rid of the "anonymous user"

Last post 09-15-2007 6:07 PM by Taylex. 0 replies.

Page 1 of 1 (1 items)
	Sort Posts: Previous Next

09-15-2007 6:07 PM

Taylex
Joined on 01-26-2007
Charlotte, NC
Posts 215

(code sharing) Restricting access to SmarterSticket and getting rid of the "anonymous user"

Reply Contact

If you hate that "Logged in as: anonymous user" as much as I do, here is a simple way around it using ASP.Net 2.0's membership and roles. If you already use the membership and roles in your company site as I do and have SmarterTicket installed as a virtual directory beneath the main site then this is really straightforward. You can also just use the membership and roles directly with SmarterTicket. When you are finished any attempt to go to SmarterTicket will take you to the specified login page and after successful authorization you will see this

LoggedInAs

Goals:
1) Restrict anonymous access to SmarterTicket.

2) Allow anonymous access to specified parts of SmarterTicket.

3) Take the user ID from the membership role and display it as "Logged in as:" in SmarterTicket.

4) Achieve SSO (single sign on) between the parent web ad SmarterTicket.

Assumptions:
1) SmarterTicket is installed as a Virtual Directory below the parent site and is running on ASP.Net 2.0.
2) You are using the same database for ASP.Net's membership and roles and SmarterTicket.

Files to change in SmarterTicket:
1)web.config
2)/skins/_default/Standard-InnerHeader.ascx

Files to change on parent web site:
1)web.config

NOTE: ADJUST YOUR PATH TO SMARTERTICKET IF IT IS NOT SUPPORT.

Enable SSO between the applications:
You must specify the same authentication mode (Forms) for both the parent site and SmarterTicket. The key here is the forms name and protection must match. Example:

parent web.config:

SmarterTicket web.config:

You must also overide the server's machine validation key in both web.config files and they must be identical. Example: (generate your own keys, these are made up)

<system.web>
<machineKey validationKey="78861A87018749022C11F4D3206883D95AFBEDE2D510C59116C75203ED42D86E6"
decryptionKey="83371F0BE1A0F72D1C04FE79DA11DFD6" validation="SHA1"/>
</system.web>

Restrict access to anonymous users in SmarterTicket:

Modify web.config for the parent site as follows (modify for your specific needs).

Display the logged in user in SmarterTicket:

1) Add role "Agents" to ASP.Net's membership roles.
2) Add an APS LoginView to /skins/_default/Standard-InnerHeader.ascx as follows:

Find:

                                                <SMWC:SidebarLoggedInAs ID="loggedinas1" runat="server"></SMWC:SidebarLoggedInAs>
                                         <SMWC:SidebarActiveGroups Visible=false runat="server" id="test"></SMWC:SidebarActiveGroups>
      <SMWC:SidebarSearch id="searchbar1" runat="server"></SMWC:SidebarSearch>
      <stskin:SidebarTicketsCtrl id="Folderlist2" runat="server"></stskin:SidebarTicketsCtrl>
      <SMWC:SidebarLinks id="SidebarLinks1" runat="server"></SMWC:SidebarLinks>
      <SMWC:SidebarNotification id="SidebarNotification1" runat="server"></SMWC:SidebarNotification>
      <SMWC:SIDEBARFREEVERSION id="SidebarFreeVersion1" runat="server"></SMWC:SIDEBARFREEVERSION>

Replace:
<SMWC:SidebarLoggedInAs ID="loggedinas1" runat="server"></SMWC:SidebarLoggedInAs>

With:<asp:LoginView ID="LoginView1" runat="server">
                                <RoleGroups>
                                    <asp:RoleGroup Roles="Agents">
                                        <ContentTemplate>
                                            <SMWC:SidebarLoggedInAs ID="loggedinas1" runat="server"></SMWC:SidebarLoggedInAs>
                                        </ContentTemplate>
                                    </asp:RoleGroup>
                                </RoleGroups>
                                <LoggedInTemplate>
                                    <table cellpadding="0" cellspacing="0" class="lbgroup">
                                        <tr>
                                            <th class="lbgroupl">
                                                 </th>
                                            <th class="lbgroup">
                                                Logged In As</th>
                                            <th class="lbgroupr">
                                                 </th>
                                        </tr>
                                        <tr>
                                            <td class="lbgroup" colspan="3">
                                                <iframe src="/Support/frmKeepAlive.aspx" frameborder="0" height="1" width="1"
                                                    scrolling="no"></iframe>
                                                <table class="lbitem" cellpadding="2" cellspacing="0" width="100%">
                                                    <tr>
                                                        <td class="lbitem" colspan="2">
                                                            <img border="0" align="absmiddle" src="/Support/Skins/_default/Images/Misc/User.gif"> <b><asp:LoginName
                                                                ID="LoginName1" runat="server" />
                                                            </b>
                                                        </td>
                                                    </tr>
                                                </table>
                                            </td>
                                        </tr>
                                    </table>
                                </LoggedInTemplate>
                            </asp:LoginView>

I'm still here, I'm just quiet. Shhh.

Page 1 of 1 (1 items)

Dotnetpanel Forums