[mapguide-users] newbie question about security
dorra2007
dorrdor at yahoo.fr
Thu Nov 8 09:24:21 EST 2007
thank you for the code. I'll try it and send feedbacks.
djonio wrote:
>
> Here is an example of a do-it-yourself login. Obviously .NET ...
> James and Kenneth have given excellent ideas for alternative ways to
> setup your resources.
>
> In this illustration within the "loginQ_Authenticate" you could do a
> whole range of stuff based upon who is/was signing in.
> Yes, I add items to the Session but this gives the most generalized
> flexibility for the Redirect.
>
> //////////////////////////////////////////////////////////
> <%@ Page Language="C#" AutoEventWireup="true"
> CodeFile="cam2login.aspx.cs" Inherits="cam2login" %>
>
> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
> "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
>
> <html xmlns="http://www.w3.org/1999/xhtml" >
> <head runat="server">
> <title>Generalized MapGuide Login</title>
> <style type="text/css">
> .loginQappearance {
> padding:5px 10px;
> height: 200px;
> width: 500px;
> background: #66CCFF url("images/MIA_blue.gif") no-repeat;
> background-position:top right;
> text-align: justify; padding-left:20px; border: solid 5px #999999
> }
> </style>
>
> </head>
> <body>
> <form id="form1" runat=server>
> <div align=center>
> <asp:Login ID="loginQ" CssClass="loginQappearance"
> runat="server" DisplayRememberMe="False"
> OnAuthenticate="loginQ_Authenticate">
> </asp:Login>
> </div>
> <asp:HiddenField ID="raw_InvokedByURL" runat="server" />
> </form>
> </body>
> </html>
>
> // and of course the codebehind
>
> using System;
> using System.Data;
> using System.Configuration;
> using System.Collections;
> using System.Collections.Specialized;
> using System.Web;
> using System.Web.Security;
> using System.Web.UI;
> using System.Web.UI.WebControls;
> using System.Web.UI.WebControls.WebParts;
> using System.Web.UI.HtmlControls;
> using OSGeo.MapGuide;
>
>
> public partial class cam2login : System.Web.UI.Page
> {
> protected void Page_Load(object sender, EventArgs e)
> {
> if (IsPostBack == true)
> {
> }
> else
> {
> raw_InvokedByURL.Value = this.Request.RawUrl;
> }
> }
> protected void loginQ_Authenticate(object sender,
> AuthenticateEventArgs e)
> {
> try
> {
>
> string realPath =
> Request.ServerVariables["APPL_PHYSICAL_PATH"];
> String configPath = realPath + "../webconfig.ini";
> MapGuideApi.MgInitializeWebTier(configPath);
>
> MgUserInformation loginuserInfo = new
> MgUserInformation(loginQ.UserName, loginQ.Password);
> MgSite site = new MgSite();
> site.Open(loginuserInfo);
>
> string sessionId = site.CreateSession();
> if (sessionId != null && sessionId != string.Empty)
> {
> this.Session.Add("mguser", loginQ.UserName);
> this.Session.Add("mgpassword", loginQ.Password);
> this.Session.Add("mgsessionid", sessionId);
> //site.DestroySession(sessionId);
> e.Authenticated = true;
> string next_raw_InvokedByURL =
> raw_InvokedByURL.Value.Replace("SOMENEWNAMEHERE_WHEREIWISHTOGO",
> "THISISHOWIGOTHERE"); ;
>
> this.Response.Redirect(next_raw_InvokedByURL);
> }
> }
> catch (MgException ex) { }
> }
> }
>
> -----Original Message-----
> From: mapguide-users-bounces at lists.osgeo.org
> [mailto:mapguide-users-bounces at lists.osgeo.org] On Behalf Of dorra2007
> Sent: Thursday, November 08, 2007 3:08 AM
> To: mapguide-users at lists.osgeo.org
> Subject: Re: [mapguide-users] newbie question about security
>
>
> All users acess the same map (and layout), but the difference between
> users
> consists in the temporary layers loaded, according to his parameters
> stored
> in a database.
> So, I am wondering if there is a mapguide security API that manages
> users in
> this way, or a security and login code ready for use.I'll be very
> grateful
> if you provide me with this code.
> My problem is that users are not prompted for a login and password,
> while
> they have also access denied.
>
>
> James Card wrote:
>>
>> On Tue, 06 Nov 2007 03:38:30 -0800, dorra2007 <dorrdor at yahoo.fr>
> wrote:
>>
>>> I wish to know how to assign a user account to a layer (or layer
>>> definition), so that when he wish access this layer, he will be
> promted
>>> for a user name and password.
>>
>> The workaround we used for this was to assign security at the map
> level
>> rather than the layer level. We created a separate map for each
> security
>> group that included only the layers appropriate to that group. We also
>
>> created one layout for each of these maps, so it was easy for the
> security
>> and login code already in place on the webserver to just load the
>> appropriate layout after the user was authenticated.
>>
>> Since we only had four secuirty groups this was a simple solution. If
> the
>> were many different combinations of layer permissions required it
> would be
>> too cumbersome to maintain a separate map and layout for each.
>>
>> --
>> James Card
>> 209-578-5580
>> _______________________________________________
>> mapguide-users mailing list
>> mapguide-users at lists.osgeo.org
>> http://lists.osgeo.org/mailman/listinfo/mapguide-users
>>
>>
>
> --
> View this message in context:
> http://www.nabble.com/newbie-question-about-security-tf4757541s16610.htm
> l#a13642851
> Sent from the MapGuide Users mailing list archive at Nabble.com.
>
> _______________________________________________
> mapguide-users mailing list
> mapguide-users at lists.osgeo.org
> http://lists.osgeo.org/mailman/listinfo/mapguide-users
>
>
> E-mails are automatically scanned for viruses using McAfee.
> _______________________________________________
> mapguide-users mailing list
> mapguide-users at lists.osgeo.org
> http://lists.osgeo.org/mailman/listinfo/mapguide-users
>
>
--
View this message in context: http://www.nabble.com/newbie-question-about-security-tf4757541s16610.html#a13647873
Sent from the MapGuide Users mailing list archive at Nabble.com.
More information about the mapguide-users
mailing list