Solved

control-level security in ASP.NET

Posted on 2011-03-25
Last Modified: 2012-05-11
Hello,
I want to make a page that more than one user can access.
But each user can see the controls on the page depending on their role.
For example,
a user with the role "admin" can see the buttons "add user", "delete user" and "help",
while a user with the role "member" can see only the button "help".

So the page I want to build will have 3 buttons, but each user will see only what he is supposed to see.

Any suggestions for the best mechanism to implement such security?

Thanks in advance :)
0
Question by:Suma5566
3 Comments
 
LVL 7

Accepted Solution

by:
JosephEricDavis earned 250 total points
ID: 35215602
I'm guessing you already have some sort of membership working in your site, so that you can identify the currently logged-in user and what type of user role or group they belong to.

In the code-behind, in the page load, you could use conditional logic to show or hide the different buttons based on which role the currently logged-in user is part of.

// Show or hide each button according to the current user's role.
if (User.IsInRole("admin"))
{
     btnAddUser.Visible = true;
     btnDeleteUser.Visible = true;
     btnHelp.Visible = true;
}
else if (User.IsInRole("member"))
{
     btnAddUser.Visible = false;
     btnDeleteUser.Visible = false;
     btnHelp.Visible = true;
}
0
 

Author Comment

by:Suma5566
ID: 35215975
Thanks for your answer, I will consider your answer.

But I was thinking of a different solution, if you or another person may help me with it.

The idea is... for example, the button "help" has a property called "AllowedUsers", and this property can hold more than one value, let's say "Admin" and "Marketing".

For example, let's assume this code:

// AllowedUsers is the proposed property, not an existing member of Control.
foreach (Control con in Page.Controls)
{
     if (con.AllowedUsers.Contains(LogedInUser.Role))
         con.Visible = true;
     else
         con.Visible = false;
}

I'm guessing if there is some way to implement it this way?
0
 
LVL 40

Assisted Solution

by:Kyle Abrahams
Kyle Abrahams earned 250 total points
ID: 35217353
You would have to extend each control to have an AllowedUsers property.

The other thing to do is to define roles within your application,
e.g. (Read / Write),

then based on the groups assign the user the proper role. This could be done on a page-by-page basis.

Say marketing can adjust marketing material, and see sales material (but not edit). Your example wouldn't handle this unless you modified AllowedUsers on the page load (which is dangerously close to Authorized Users, who may or may not be able to view the page at all) . . . it seems more of a global thing to me.

By adding general application-level roles you could specify that Marketing has modify rights on some pages but not on others.

0
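
An added example, not code from any poster in this thread or from ASP.NET itself: the per-control role list discussed above, done by extending the Button control, with the role check repeated in the click handler because hiding a button only changes what is rendered. RoleButton, RoleAwarePage, AllowedRoles and Demand are hypothetical names, and a Web Forms project with role membership already configured is assumed.

```csharp
using System;
using System.Linq;
using System.Security;
using System.Security.Principal;
using System.Web.UI;
using System.Web.UI.WebControls;

// Hypothetical control; markup: <app:RoleButton runat="server" AllowedRoles="admin,marketing" />
public class RoleButton : Button
{
    public string AllowedRoles { get; set; } // comma-separated; empty means nobody (fail closed)

    public bool IsAllowed(IPrincipal user)
    {
        if (user == null || !user.Identity.IsAuthenticated) return false;
        return (AllowedRoles ?? "")
            .Split(new[] { ',' }, StringSplitOptions.RemoveEmptyEntries)
            .Any(role => user.IsInRole(role.Trim()));
    }
}

// Hypothetical base page: pages inherit from it instead of Page.
public class RoleAwarePage : Page
{
    protected override void OnLoad(EventArgs e)
    {
        base.OnLoad(e);
        ApplyRoles(this);
    }

    // Page.Controls holds only top-level children, so recurse into containers.
    private void ApplyRoles(Control parent)
    {
        foreach (Control child in parent.Controls)
        {
            var button = child as RoleButton;
            if (button != null) button.Visible = button.IsAllowed(User);
            ApplyRoles(child);
        }
    }

    // Call first in every click handler: hiding is presentation only.
    protected void Demand(object sender)
    {
        var button = sender as RoleButton;
        if (button == null || !button.IsAllowed(User))
            throw new SecurityException("Role not permitted for this action.");
    }
}
```

A click handler for a button such as btnDeleteUser would start with `Demand(sender);`, so the action's authorization does not depend on the button having been hidden.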
