c# - ASP.net Authorization issue


I have an application that uses Active Directory to authenticate users logging in to the website.

I have a table in the database with user types.

Based on the user type, users can see different views.

Ex: normaluser can see 3 views (about - contact - view data); manageruser can see 5 views (about - contact - view data - delete data - update data).

However, while the views work fine, I have a problem when, for example, a normaluser manually changes the URL to updatedata.aspx and sees the manageruser's page. How can I prevent users from accessing other pages?

Please note I have the stateview code in site.master.

We use the same authentication/authorization setup in several of our web apps, using Windows authentication and a custom SQL table for authorization.

You have a few options; I recommend option 1 or 2.

  1. Since you have a custom table that stores user roles/types, write a custom RoleProvider (http://msdn.microsoft.com/en-us/library/8fw7xh74.aspx), and add web.config authorization rules to restrict access to pages based on user roles. We have done this in our application.

  2. Use Windows Active Directory groups in place of the usertype table, and you can add web.config authorization rules to allow the AD groups you want. You need to use the Windows role provider (which I believe is the default with Windows authentication, so you may not have to change anything there).

  3. Add code in the Page_Load method of the pages to look up whether the user has access based on the usertype table, and throw an UnauthorizedAccessException if the user does not have access. If you have few pages in the app and don't have a lot of concurrent users, this is a "quick" solution, but it isn't the cleanest option.

To add web.config authorization rules, use the following syntax, and add the <location> sections under the root of the <configuration> element. The path can be a folder name or a page name. ASP.NET will auto-magically enforce these rules for you.

    <location path="adminfolder">
      <system.web>
        <authorization>
          <allow roles="admin"/>   <!-- allows users in the admin role -->
          <deny users="*,?"/>      <!-- deny everyone else -->
        </authorization>
      </system.web>
    </location>

Using the given RoleProvider, you can use User.IsInRole("yourrolename") anywhere in your code if you need to check whether the user belongs to a given role.

Here is a shell class layout including the methods that need to be implemented for a custom RoleProvider in option 1. Note: if you have your own UI for managing role memberships, you don't have to implement the CreateRole and DeleteRole methods. You can have throw new NotImplementedException() for both implementations and it works fine. You need to implement the other methods.

    Imports System.Web.Security

    ' Shell only: fill in each body against your usertype table.
    Public Class MyCustomRoleProvider
        Inherits RoleProvider

        Public Overrides Sub AddUsersToRoles(usernames() As String, roleNames() As String)
        End Sub

        Public Overrides Property ApplicationName As String
            Get
            End Get
            Set(value As String)
            End Set
        End Property

        Public Overrides Sub CreateRole(roleName As String)
        End Sub

        Public Overrides Function DeleteRole(roleName As String, throwOnPopulatedRole As Boolean) As Boolean
        End Function

        Public Overrides Function FindUsersInRole(roleName As String, usernameToMatch As String) As String()
        End Function

        Public Overrides Function GetAllRoles() As String()
        End Function

        Public Overrides Function GetRolesForUser(username As String) As String()
        End Function

        Public Overrides Function GetUsersInRole(roleName As String) As String()
        End Function

        Public Overrides Function IsUserInRole(username As String, roleName As String) As Boolean
        End Function

        Public Overrides Sub RemoveUsersFromRoles(usernames() As String, roleNames() As String)
        End Sub

        Public Overrides Function RoleExists(roleName As String) As Boolean
        End Function
    End Class
