Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

control-level security in ASP.NET

Posted on 2011-03-25
3
Medium Priority
?
209 Views
Last Modified: 2012-05-11
hello,
i want to make a page and more than a user can access the same page.
but each user can see the controls on the page depending on its rule.
for example
user of rule "admin" can see the button "add user", "delete user" and "help"
while the user of rule "member" can see only the buttons "help"

so the page i want to build will have 3 buttons but each user will only see what he is supposed to see only.


any suggestions of the best mechanism to implement such a security??

thanks in advance :)
0
Comment
Question by:Suma5566
3 Comments
 
LVL 7

Accepted Solution

by:
JosephEricDavis earned 1000 total points
ID: 35215602
I'm guessing you already have some sort of membership working in your site already so that you can identify the currently logged in user and what type of user role or group they belong to.

In the code behind in the page load you could give conditional logic to show or hide the different buttons based on which role the currently logged in user is part of.

If(User.IsInRole("admin"))
{
     btnAddUser.Visible = true;
     btnDeleteUser.Visible = true;
     btnHelp.Visible = true;
}
else if(User.IsInRol("member"))
{
     btnAddUser.Visible = false;
     btnDeleteUser.Visible = false;
     btnHelp.Visible = true;
}
0
 

Author Comment

by:Suma5566
ID: 35215975
thanks for your answer, i will consider your answer.

but i was thinking of a different solution, if you or another person may help me with it.

the idea is.....for example button "help" has property called "AllowedUsers" and this property can hold more than one value, lets say "Admin" and "Marketing".

for example, lets assume this code:

foreach(control cn in page.Controls)
{
     if(con.AllowedUsers.contains(LogedInUser.Role))
         con.visible=true;
     else
         con.visible = false;
}

I'm guessing if there is someway to implement it this way?
0
 
LVL 41

Assisted Solution

by:Kyle Abrahams
Kyle Abrahams earned 1000 total points
ID: 35217353
you would have to extend each control to have an AllowedUsers property.

The other thing to do is to define roles within your application
eg(Read / Write)

then based on the groups assign the user the proper role.  This could be done on a page by page basis.  

Say marketing can adjust marketing material, and see sales material (but not edit).  Your example wouldn't handle this unless you modified AllowedUsers on the page load (which is dangerously close to Authorized Users who may or may not be able to view the page at all) . . . it seems more of a global thing to me.

By adding General application level roles you could specify Marketting has modify writes on some pages but not on others.

0

Featured Post

Veeam Task Manager for Hyper-V

Task Manager for Hyper-V provides critical information that allows you to monitor Hyper-V performance by displaying real-time views of CPU and memory at the individual VM-level, so you can quickly identify which VMs are using host resources.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Objective of This Article In 1990’s, when I was a budding software professional, I had a lot of confusion about which stream or technology, I had to choose to build my career. In those days, I had lot of confusion like whether to choose System so…
It was really hard time for me to get the understanding of Delegates in C#. I went through many websites and articles but I found them very clumsy. After going through those sites, I noted down the points in a easy way so here I am sharing that unde…
The purpose of this video is to demonstrate how to integrate Mailchimp with Facebook. This will be demonstrated using a Windows 8 PC. Mailchimp and Facebook will be used. Log into your Mailchimp account. : Click on your name. Go to Account Setti…
The purpose of this video is to demonstrate how to set up the permalinks on a WordPress Website. This will be demonstrated using a Windows 8 PC. Go to your WordPress login page. This will look like the following: mywebsite.com/wp-login.php : Go t…
Suggested Courses

876 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question