[mapguide-users] newbie question about security
Jonio, Dennis (Aviation)
DJonio at miami-airport.com
Thu Nov 8 06:30:03 EST 2007
Here is an example of a do-it-yourself login. Obviously .NET ...
James and Kenneth have given excellent ideas for alternative ways to
setup your resources.
In this illustration within the "loginQ_Authenticate" you could do a
whole range of stuff based upon who is/was signing in.
Yes, I add items to the Session but this gives the most generalized
flexibility for the Redirect.
//////////////////////////////////////////////////////////
<%@ Page Language="C#" AutoEventWireup="true"
CodeFile="cam2login.aspx.cs" Inherits="cam2login" %>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" >
<head runat="server">
<title>Generalized MapGuide Login</title>
<style type="text/css">
.loginQappearance {
padding:5px 10px;
height: 200px;
width: 500px;
background: #66CCFF url("images/MIA_blue.gif") no-repeat;
background-position:top right;
text-align: justify; padding-left:20px; border: solid 5px #999999
}
</style>
</head>
<body>
<form id="form1" runat=server>
<div align=center>
<asp:Login ID="loginQ" CssClass="loginQappearance"
runat="server" DisplayRememberMe="False"
OnAuthenticate="loginQ_Authenticate">
</asp:Login>
</div>
<asp:HiddenField ID="raw_InvokedByURL" runat="server" />
</form>
</body>
</html>
// and of course the codebehind
using System;
using System.Data;
using System.Configuration;
using System.Collections;
using System.Collections.Specialized;
using System.Web;
using System.Web.Security;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Web.UI.WebControls.WebParts;
using System.Web.UI.HtmlControls;
using OSGeo.MapGuide;
public partial class cam2login : System.Web.UI.Page
{
protected void Page_Load(object sender, EventArgs e)
{
if (IsPostBack == true)
{
}
else
{
raw_InvokedByURL.Value = this.Request.RawUrl;
}
}
protected void loginQ_Authenticate(object sender,
AuthenticateEventArgs e)
{
try
{
string realPath =
Request.ServerVariables["APPL_PHYSICAL_PATH"];
String configPath = realPath + "../webconfig.ini";
MapGuideApi.MgInitializeWebTier(configPath);
MgUserInformation loginuserInfo = new
MgUserInformation(loginQ.UserName, loginQ.Password);
MgSite site = new MgSite();
site.Open(loginuserInfo);
string sessionId = site.CreateSession();
if (sessionId != null && sessionId != string.Empty)
{
this.Session.Add("mguser", loginQ.UserName);
this.Session.Add("mgpassword", loginQ.Password);
this.Session.Add("mgsessionid", sessionId);
//site.DestroySession(sessionId);
e.Authenticated = true;
string next_raw_InvokedByURL =
raw_InvokedByURL.Value.Replace("SOMENEWNAMEHERE_WHEREIWISHTOGO",
"THISISHOWIGOTHERE"); ;
this.Response.Redirect(next_raw_InvokedByURL);
}
}
catch (MgException ex) { }
}
}
-----Original Message-----
From: mapguide-users-bounces at lists.osgeo.org
[mailto:mapguide-users-bounces at lists.osgeo.org] On Behalf Of dorra2007
Sent: Thursday, November 08, 2007 3:08 AM
To: mapguide-users at lists.osgeo.org
Subject: Re: [mapguide-users] newbie question about security
All users acess the same map (and layout), but the difference between
users
consists in the temporary layers loaded, according to his parameters
stored
in a database.
So, I am wondering if there is a mapguide security API that manages
users in
this way, or a security and login code ready for use.I'll be very
grateful
if you provide me with this code.
My problem is that users are not prompted for a login and password,
while
they have also access denied.
James Card wrote:
>
> On Tue, 06 Nov 2007 03:38:30 -0800, dorra2007 <dorrdor at yahoo.fr>
wrote:
>
>> I wish to know how to assign a user account to a layer (or layer
>> definition), so that when he wish access this layer, he will be
promted
>> for a user name and password.
>
> The workaround we used for this was to assign security at the map
level
> rather than the layer level. We created a separate map for each
security
> group that included only the layers appropriate to that group. We also
> created one layout for each of these maps, so it was easy for the
security
> and login code already in place on the webserver to just load the
> appropriate layout after the user was authenticated.
>
> Since we only had four secuirty groups this was a simple solution. If
the
> were many different combinations of layer permissions required it
would be
> too cumbersome to maintain a separate map and layout for each.
>
> --
> James Card
> 209-578-5580
> _______________________________________________
> mapguide-users mailing list
> mapguide-users at lists.osgeo.org
> http://lists.osgeo.org/mailman/listinfo/mapguide-users
>
>
--
View this message in context:
http://www.nabble.com/newbie-question-about-security-tf4757541s16610.htm
l#a13642851
Sent from the MapGuide Users mailing list archive at Nabble.com.
_______________________________________________
mapguide-users mailing list
mapguide-users at lists.osgeo.org
http://lists.osgeo.org/mailman/listinfo/mapguide-users
E-mails are automatically scanned for viruses using McAfee.
More information about the mapguide-users
mailing list