Filtering a Grid String Column with Multiple ASP.NET Membership Roles

Posted on 2011-10-20
Medium Priority
Last Modified: 2012-06-27
I need to create a global grid filter in ASP.NET C# which filters any grids that have the ROLE field.

The user may have multiple ASP.Membership roles, although each grid row only has 1 role.  The grids are populated from Views which have a Column called Role (eg Advanced or Introductory). We also have multiple variables in session, although do not want to expose any sensitive information.

If the User is NOT Authenticated they only see demo videos. This is a boolean field in the database.

If the user is authenticated they see row records corresponding to their role.  The logic needs to occur on page load or grid render to ensure the user only sees the correct content.

The solution needs to be independent of new roles added. So if a new role is added no extra coding is required, the code just loops through roles for a string match. The solution may be a Class or part of the Base Masterpage.

I have a SQL query that casts all roles into comma seperated values if that is of use.  Roles Query
We are using Telerik Controls, although this should not affect the outcome.
Question by:XGIS
  • 2
  • 2

Expert Comment

ID: 37004760
From your given info, I assume that you want to show some links (to contents) in grid which is particular to user logged in. However, you want to make sure that, only authorized (e.g. use in particular role) users gets to see relevant grid of links (contents).

Basically, you will need to create a relation between content link and roles in database table. Which will have columns like this (sample table):  LinkRoleId (Primary key), LinkId, RoleId (or RoleName).

Than you can create a relation between a link/content for a particular role(s) like this:
 LinkRoleId, LinkId, RoleName
 1                 10       Admin
 2                 10       Introductory
 3                 11       Admin

So, link id 10 is available for admin and introductory role but 11 is only allowed for admin role. I guess you have content links in database or something. And while you prepare grid/table for links, you just check in sql query that this user is authorized from relation table and show those links only.

Does it makes sense to you?
Or I have not got whole point?

Author Comment

ID: 37005223
The standard view that will be used will have at least the 3 following fields;
a RowID field, a Role String Field and the Text related to that row record.
 Role Filter Sample
Of the users in the original image;
User1 would have access to 5/8 videos
User2 would have access to 8/8 videos, since they are Admin.

Normally a user would NOT be Admin, If this was the case they could access 6/8 videos since there is 1 row for advanced.

All pages in this APP are based on a BASE master page which ensures the user is authenticated at all times.  This is not that hard to do although I am trying to achieve the code in one location only if possible.

The below example is from a previous APP that used VB Script. This initiated the user into session and then maintained a simple UserFilter to filter Rows based on the CMAID. The solution required the filter to be placed on each page which is OK but not optimal.

' User Validated event
Sub User_Validated(rs)
Session("CMAID") = rs("CMAID")
End Sub

//Grid Filter - Declared on the GRID page or on the master page
Function UserFilter()
UserFilter = "CMAID = " & Session("CMAID")
End Function

Open in new window

I have a base View/Query which creates the required joins from the sensitive data. The Base tables have a field 'Role', so when i create a View the data is there. Then I just need the comparison logic.

The logic iterations post authentication is to store the Role variables for that user in Session.
On each page Load event a quick check is done to find if a Role Field Exists in the View. This makes it independent of new roles added.
The string match then occurs before the grid rows render.

Hopefully this will provides a better idea on what i am trying to achieve.

Other Views are built on this to ensur

Accepted Solution

gery128 earned 2000 total points
ID: 37005368
From you posts, I understand that:
- you display grid of content on multiple pages
- primarily this content links are from the single table
- you store role for authenticated user in session
- you need a common class which will be checking if the role has permission for the view data

So where are you stuck?
Create a common class which will have method. In this method you can pass user roles (thru session or authentication cookie data) and query the database shown (with help of Data Access Layer of course) in your 2nd post to access the data. And return objects from there.

Author Closing Comment

ID: 37034820
Thankyou for the feedback,
We ended up pulling the Username to string and casting the VIEW with username and filtering on that Session field.  Only 1 line of code behind. Nice!

Featured Post

Nothing ever in the clear!

This technical paper will help you implement VMware’s VM encryption as well as implement Veeam encryption which together will achieve the nothing ever in the clear goal. If a bad guy steals VMs, backups or traffic they get nothing.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

How to leverage one TLS certificate to encrypt Microsoft SQL traffic and Remote Desktop Services, versus creating multiple tickets for the same server.
International Data Corporation (IDC) prognosticates that before the current the year gets over disbursing on IT framework products to be sent in cloud environs will be $37.1B.
Integration Management Part 2
In a question here at Experts Exchange (https://www.experts-exchange.com/questions/29062564/Adobe-acrobat-reader-DC.html), a member asked how to create a signature in Adobe Acrobat Reader DC (the free Reader product, not the paid, full Acrobat produ…

807 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question