Solved

control-level security in ASP.NET

Posted on 2011-03-25
Last Modified: 2012-05-11
Hello,
I want to make a page that more than one user can access.
But each user can see the controls on the page depending on their rule.
For example:
a user of rule "admin" can see the buttons "add user", "delete user" and "help",
while a user of rule "member" can see only the button "help".

So the page I want to build will have 3 buttons, but each user will see only what he is supposed to see.


Any suggestions for the best mechanism to implement such security?

Thanks in advance :)
Question by:Suma5566
LVL 7

Accepted Solution

by:
JosephEricDavis earned 250 total points
ID: 35215602
I'm guessing you already have some sort of membership working in your site so that you can identify the currently logged in user and what type of user role or group they belong to.

In the code behind in the page load you could give conditional logic to show or hide the different buttons based on which role the currently logged in user is part of.

// Page_Load in the code-behind: show or hide each button by role.
if (User.IsInRole("admin"))
{
     btnAddUser.Visible = true;
     btnDeleteUser.Visible = true;
     btnHelp.Visible = true;
}
else if (User.IsInRole("member"))
{
     btnAddUser.Visible = false;
     btnDeleteUser.Visible = false;
     btnHelp.Visible = true;
}

Author Comment

by:Suma5566
ID: 35215975
Thanks for your answer, I will consider it.

But I was thinking of a different solution, if you or another person may help me with it.

The idea is... for example, button "help" has a property called "AllowedUsers" and this property can hold more than one value, let's say "Admin" and "Marketing".

For example, let's assume this code:

// AllowedUsers is the proposed property (not built in); LoggedInUser is assumed.
foreach (Control con in Page.Controls)
{
     if (con.AllowedUsers.Contains(LoggedInUser.Role))
         con.Visible = true;
     else
         con.Visible = false;
}

I'm guessing if there is some way to implement it this way?
LVL 40

Assisted Solution

by:Kyle Abrahams
Kyle Abrahams earned 250 total points
ID: 35217353
You would have to extend each control to have an AllowedUsers property.

The other thing to do is to define roles within your application,
e.g. (Read / Write),

then based on the groups assign the user the proper role. This could be done on a page-by-page basis.

Say marketing can adjust marketing material, and see sales material (but not edit). Your example wouldn't handle this unless you modified AllowedUsers on the page load (which is dangerously close to Authorized Users who may or may not be able to view the page at all)... it seems more of a global thing to me.

By adding general application-level roles you could specify Marketing has modify rights on some pages but not on others.

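One way to build the "AllowedUsers" idea discussed in this thread, as an added example that is not code from any of the posters: a hypothetical `RoleButton` subclass with a hypothetical `AllowedRoles` property (both names, and the `sec` tag prefix, are assumptions). It hides itself from users outside the listed roles and checks the role again on postback, so the decision does not rest on the button being hidden.

```csharp
using System;
using System.Linq;
using System.Security;
using System.Web.UI.WebControls;

// Hypothetical control (names are assumptions): a Button with its own role list.
// Markup: <sec:RoleButton runat="server" ID="btnAddUser" AllowedRoles="admin" />
public class RoleButton : Button
{
    // Comma-separated role names. A plain property, not ViewState-backed, so the
    // list comes from server-side markup or code on every request.
    // Empty or missing means no role is allowed (fail closed).
    public string AllowedRoles { get; set; }

    private bool IsAuthorized()
    {
        var user = Context != null ? Context.User : null;
        if (user == null || !user.Identity.IsAuthenticated)
            return false;

        return (AllowedRoles ?? string.Empty)
            .Split(new[] { ',' }, StringSplitOptions.RemoveEmptyEntries)
            .Select(role => role.Trim())
            .Any(role => role.Length > 0 && user.IsInRole(role));
    }

    // An unauthorized user never receives the button's markup.
    public override bool Visible
    {
        get { return base.Visible && IsAuthorized(); }
        set { base.Visible = value; }
    }

    // Re-check on postback: both Click and Command are raised from here.
    protected override void RaisePostBackEvent(string eventArgument)
    {
        if (!IsAuthorized())
            throw new SecurityException("Role check failed for control " + ID);
        base.RaisePostBackEvent(eventArgument);
    }
}
```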