Filtering a Grid String Column with Multiple ASP.NET Membership Roles

Posted on 2011-10-20
Last Modified: 2012-06-27
I need to create a global grid filter in ASP.NET C# which filters any grids that have the ROLE field.

The user may have multiple ASP.Membership roles, although each grid row only has 1 role.  The grids are populated from Views which have a Column called Role (e.g. Advanced or Introductory). We also have multiple variables in session, although we do not want to expose any sensitive information.

If the User is NOT Authenticated they only see demo videos. This is a boolean field in the database.

If the user is authenticated they see row records corresponding to their role.  The logic needs to occur on page load or grid render to ensure the user only sees the correct content.

The solution needs to be independent of new roles added. So if a new role is added no extra coding is required, the code just loops through roles for a string match. The solution may be a Class or part of the Base Masterpage.

I have a SQL query that casts all roles into comma separated values if that is of use.
[Image: Roles Query]
We are using Telerik Controls, although this should not affect the outcome.
Question by: XGIS
    LVL 9

    Expert Comment

    From your given info, I assume that you want to show some links (to contents) in a grid which is particular to the user logged in. However, you want to make sure that only authorized users (e.g. a user in a particular role) get to see the relevant grid of links (contents).

    Basically, you will need to create a relation between content link and roles in database table. Which will have columns like this (sample table):  LinkRoleId (Primary key), LinkId, RoleId (or RoleName).

    Then you can create a relation between a link/content for a particular role(s) like this:

     LinkRoleId   LinkId   RoleName
     1            10       Admin
     2            10       Introductory
     3            11       Admin

    So, link id 10 is available for admin and introductory role but 11 is only allowed for admin role. I guess you have content links in database or something. And while you prepare grid/table for links, you just check in sql query that this user is authorized from relation table and show those links only.

    Does it make sense to you?
    Or have I not got the whole point?
    LVL 7

    Author Comment

    The standard view that will be used will have at least the 3 following fields;
    a RowID field, a Role String Field and the Text related to that row record.
    [Image: Role Filter Sample]
    Of the users in the original image;
    User1 would have access to 5/8 videos
    User2 would have access to 8/8 videos, since they are Admin.

    Normally a user would NOT be Admin. If this was the case they could access 6/8 videos since there is 1 row for advanced.

    All pages in this APP are based on a BASE master page which ensures the user is authenticated at all times.  This is not that hard to do although I am trying to achieve the code in one location only if possible.

    The below example is from a previous APP that used VB Script. This initiated the user into session and then maintained a simple UserFilter to filter Rows based on the CMAID. The solution required the filter to be placed on each page which is OK but not optimal.

    ' User Validated event: store the user's CMAID in session after login
    Sub User_Validated(rs)
        Session("CMAID") = rs("CMAID")
    End Sub

    ' Grid Filter - declared on the GRID page or on the master page
    Function UserFilter()
        ' Builds the row filter from the session value
        UserFilter = "CMAID = " & Session("CMAID")
    End Function


    I have a base View/Query which creates the required joins from the sensitive data. The Base tables have a field 'Role', so when I create a View the data is there. Then I just need the comparison logic.

    The logic iterations post authentication is to store the Role variables for that user in Session.
    On each page Load event a quick check is done to find if a Role Field Exists in the View. This makes it independent of new roles added.
    The string match then occurs before the grid rows render.

    Hopefully this will provide a better idea of what I am trying to achieve.

    Other Views are built on this to ensur
    LVL 9

    Accepted Solution

    From your posts, I understand that:
    - you display grid of content on multiple pages
    - primarily these content links are from the single table
    - you store role for authenticated user in session
    - you need a common class which will be checking if the role has permission for the view data

    So where are you stuck?
    Create a common class which will have a method. In this method you can pass user roles (through session or authentication cookie data) and query the database shown (with the help of a Data Access Layer of course) in your 2nd post to access the data. And return objects from there.
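
The common class described in the accepted solution, as an added example that is not part of the original thread. The class name `RoleRowFilter`, the `viewName` parameter and the `IsDemo` column name are assumptions; only the `Role` column comes from the question. It resolves roles on the server from the membership provider, so new roles need no code change, and it passes role names as SQL parameters instead of concatenating them into the filter string.

```csharp
using System;
using System.Data;
using System.Data.SqlClient;
using System.Linq;
using System.Security.Principal;
using System.Web.Security;

// Added illustration: RoleRowFilter, viewName and IsDemo are assumed names.
public static class RoleRowFilter
{
    // viewName must be a fixed identifier chosen by the page, never user input.
    public static DataTable Load(string connectionString, string viewName, IPrincipal user)
    {
        using (var conn = new SqlConnection(connectionString))
        using (var cmd = conn.CreateCommand())
        {
            if (user == null || !user.Identity.IsAuthenticated)
            {
                // Anonymous visitors: demo rows only (boolean column, name assumed).
                cmd.CommandText = "SELECT * FROM " + viewName + " WHERE IsDemo = 1";
            }
            else
            {
                // Roles are read from the membership provider on the server,
                // not from a value the browser can change.
                string[] roles = Roles.GetRolesForUser(user.Identity.Name);
                if (roles.Length == 0)
                    return new DataTable(); // authenticated but no role: no rows

                // One parameter per role; role names never enter the SQL text.
                string[] names = roles.Select((r, i) => "@r" + i).ToArray();
                cmd.CommandText = "SELECT * FROM " + viewName +
                                  " WHERE [Role] IN (" + string.Join(", ", names) + ")";
                for (int i = 0; i < roles.Length; i++)
                    cmd.Parameters.Add(names[i], SqlDbType.NVarChar, 256).Value = roles[i];
            }

            var table = new DataTable();
            using (var adapter = new SqlDataAdapter(cmd))
                adapter.Fill(table); // Fill opens and closes the connection itself
            return table;
        }
    }
}
```

A grid on any page can then bind to `RoleRowFilter.Load(connectionString, "VideoView", Context.User)`, where `VideoView` is a placeholder view name.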
    LVL 7

    Author Closing Comment

    Thank you for the feedback,
    We ended up pulling the Username to string and casting the VIEW with username and filtering on that Session field.  Only 1 line of code behind. Nice!
