Solved

control-level security in ASP.NET

Posted on 2011-03-25
Last Modified: 2012-05-11
Hello,
I want to make a page that more than one user can access,
but each user can see the controls on the page depending on his role.
For example,
a user of role "admin" can see the buttons "add user", "delete user" and "help",
while a user of role "member" can see only the button "help".

So the page I want to build will have 3 buttons, but each user will only see what he is supposed to see.

Any suggestions for the best mechanism to implement such security?

Thanks in advance :)
Question by:Suma5566
3 Comments
 
LVL 7

Accepted Solution

by:
JosephEricDavis earned 1000 total points
ID: 35215602
I'm guessing you already have some sort of membership working in your site already so that you can identify the currently logged in user and what type of user role or group they belong to.

In the code behind in the page load you could give conditional logic to show or hide the different buttons based on which role the currently logged in user is part of.

// In Page_Load of the code-behind: show or hide each button by role.
if (User.IsInRole("admin"))
{
     btnAddUser.Visible = true;
     btnDeleteUser.Visible = true;
     btnHelp.Visible = true;
}
else if (User.IsInRole("member"))
{
     btnAddUser.Visible = false;
     btnDeleteUser.Visible = false;
     btnHelp.Visible = true;
}
 

Author Comment

by:Suma5566
ID: 35215975
Thanks for your answer, I will consider your answer.

But I was thinking of a different solution, if you or another person may help me with it.

The idea is... for example, button "help" has a property called "AllowedUsers" and this property can hold more than one value, let's say "Admin" and "Marketing".

For example, let's assume this code:

foreach (Control con in Page.Controls)
{
     // AllowedUsers is the proposed property described above
     if (con.AllowedUsers.Contains(LogedInUser.Role))
         con.Visible = true;
     else
         con.Visible = false;
}

I'm guessing if there is some way to implement it this way?
 
LVL 40

Assisted Solution

by:Kyle Abrahams
Kyle Abrahams earned 1000 total points
ID: 35217353
You would have to extend each control to have an AllowedUsers property.

The other thing to do is to define roles within your application,
e.g. (Read / Write),

then based on the groups assign the user the proper role. This could be done on a page-by-page basis.

Say marketing can adjust marketing material, and see sales material (but not edit). Your example wouldn't handle this unless you modified AllowedUsers on the page load (which is dangerously close to Authorized Users who may or may not be able to view the page at all) . . . it seems more of a global thing to me.

By adding general application-level roles you could specify Marketing has modify rights on some pages but not on others.

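An added example, not code from any poster in this thread: one way to build the per-control role property discussed above, with the role check repeated on the server when the button is clicked so that authorization does not rest on visibility alone. `RoleButton`, `AllowedRoles` and `RoleVisibility` are hypothetical names, and the code assumes ASP.NET Web Forms with role membership already configured.

```csharp
using System;
using System.Linq;
using System.Security.Principal;
using System.Web.UI;
using System.Web.UI.WebControls;

// Hypothetical control: a Button that carries its own list of permitted roles.
public class RoleButton : Button
{
    // Comma-separated role names, e.g. AllowedRoles="admin,marketing" in markup.
    public string AllowedRoles { get; set; }

    public bool IsAllowed(IPrincipal user)
    {
        if (user == null || string.IsNullOrWhiteSpace(AllowedRoles))
            return false; // deny by default when nothing is configured
        return AllowedRoles.Split(',')
                           .Select(r => r.Trim())
                           .Any(r => r.Length > 0 && user.IsInRole(r));
    }

    // Defence in depth: repeat the role check before any Click or Command
    // handler runs, instead of trusting that a hidden button cannot post back.
    protected override void OnClick(EventArgs e)
    {
        if (IsAllowed(Context.User)) base.OnClick(e);
    }

    protected override void OnCommand(CommandEventArgs e)
    {
        if (IsAllowed(Context.User)) base.OnCommand(e);
    }
}

public static class RoleVisibility
{
    // Page.Controls holds only top-level children, so recurse into containers.
    // Usage from the code-behind: RoleVisibility.Apply(this, User); in Page_Load.
    public static void Apply(Control root, IPrincipal user)
    {
        foreach (Control child in root.Controls)
        {
            var button = child as RoleButton;
            if (button != null) button.Visible = button.IsAllowed(user);
            Apply(child, user);
        }
    }
}
```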

Question has a verified solution.