I'm finishing up the security aspect of an application that has been convereted from classic ASP to ASP.Net (C#).
The existing application has a variable on each page called 'seclvl'. This is an integer value, that tells the application what level of security (from a session variable) a logged in user has to be in order to view the contents of that page.
I'm looking for a way to accomplish this in the new application, using a similar system. IDEALLY, in the <% Page %> declaration, I'd love to have a SecLvl=x tag that I could populate with the Title and Language tags! **grin** But I don't think that's in the cards for me. Next best thing, or so I figure, is to have each code behind page have a protected variable, secLvl=x, which the master page can reference during the render or init events. I can't seem to figure out the delegation / referencing needed to accomplish this though.
<%@ Master Language="C#" AutoEventWireup="true" CodeFile="master.master.cs" Inherits="MasterPage" %>
<link href="style/style.css" type="text/css" rel="stylesheet">
<asp:ContentPlaceHolder ID="content" runat="server"></asp:ContentPlaceHolder>
// pseudo code here...
// Check to see if user is 'valid' from session. If so, do nothing. If user != 'valid' then
// Check the database and see what info you can get from the logged in user name.
// Set session variables for logged in user, and set valid flag, then redirect back to referring page.
// I would also like to check here to see if users' secLvl is high enough (from the validation call before) to access the page they
// are trying to access
<%@ Page Language="C#" MasterPageFile="~/master.master" AutoEventWireup="true"
CodeFile="page1.aspx.cs" Inherits="Default" Title="Page 1" %>
<asp:content id=content contentplaceholderid=content runat=server>
Content goes here...if you have enough security to see it!!!
If you're seeing this, then you must.
// bunch of other stuff here, but important part would be below
protected secLvl = 10;
So is this something that is doable? Is there a 'better' way?? Once again, I'd like to be able to get the security level value of a specific page when the page loads, and compare that page's value with the value assigned when the user first logs in.
Other options are equally welcome :)
Thanks in advance...