MVC.NET Tag For Checking Roles (equivalent Of Declarative Attribute PrincipalPermission)?

Apr 5, 2010

I use declarative roles in my MVC.NET controllers and I have a custom membership & roles provider.This works fine:

[Authorize(Roles = "ADMIN")]

Also, I have a base MVC.NET CustomController class that all controllers derive from, and it has a "currentUser" property that is auto-fetched from the session on demand, so all controller code just refers to "currentUser" and doesn't worry about sessions, httpcontext, etc. I've implemented the membership provider properly, as it works with other parts of the framework that just deals with providers, but until now I had not tried to access the "User" principal from a view.What is the simplest syntax for check roles in a view page? I know I can use a helper to generate a partial view but I don't want that here, I want to explicitly wrap some sections of a page in some role checks.Something like this:

<% if(currentUser.IsInRole("ADMIN") { %>
...
<% } %>

View 1 Replies


Similar Messages:

Security :: Equivalent For LoginView Based On Roles?

Apr 21, 2010

I have a website where users can login and they have different roles/privileges. I want to have it where the user's view of the webpage is determined by their role. Right now I am storing the role in the UserData property of the FormsAuthenticationTicket class (which is retrieved from a database during login). When the main page is loading, I want it to check the user's role and then only show the controls/portions of the page that are for that role. For example, if the user is not an administrator, they shouldn't be able to click on a button to delete a record. At the moment I am using labels to hide or show areas depending on the user's role. Something like this:

[Code]....

[Code]....

And here is a portion of the markup code with the Labels:

[Code]....

This works, but doesn't seem to be a very good way to handle this type of thing. Is there a cleaner, more elegant way of doing this? Something similar to the LoginView control, but which I can use for roles?

View 4 Replies

MVC :: VB.Net Equivalent To The "" Attribute Of A C# Based View?

Nov 24, 2010

Is there a VB.Net equivalent to the "<dynamic>" attribute of a C# based view? Example:

[Code]....

View 3 Replies

Roles Authentication Works Using Authorization Attribute But Not Via Authorization In Web.config?

Mar 29, 2011

I am using ASP.NET MVC 3 and am trying to do something that should be really straight forward...

My application uses Forms authentication and that is working perfectly for controllers/actions. For example if I decorate either a controller or an action with the attribute below only members of the administrators group can view them:

[Authorize(Roles="Administrators")]

However I have a folder under the default Scripts folder called Admin. I only want members of the Administrators group to be able to access scripts within this directory so I created a new web.config in the directory with the following inside:

[code]....

However no matter whether a user is a member of the Administrators group or not they receive a 302 Found message and are then redirected to the login page.

If I change the web.config to allow user="*" then it works. It also works if I add an allow users="Username" for a specific user I am testing with.

View 1 Replies

C# - How To Handle PrincipalPermission Security Exceptions

Feb 28, 2011

I have a simple method that is secured

[PrincipalPermission(SecurityAction.Demand, Role = "Administrator")]
protected void lnkClearCache_Click(object sender, EventArgs e)
{
}

If this is clicked without the role, it generates a System.Security.SecurityException: Request for principal permission failed. as expected.

I use ELMAH to handle logging for my errors, and I have a custom ELMAH event in my global.asax to transfer to the error pages in ways that preserve status codes which works correctly.

[Code]....

This works all well and fine and redirects to my error page which works properly, however instead of displaying the content as expected. I immediately get a second request for the error page but this time using the value of customErrorsSection.DefaultRedirect that does not come from my code in any way that I can see.

As far as I can tell it's almost as if when .NET raises an exception for PrincipalPermission and then lets the entire request complete, then after the request is complete it throws away the application response and instead responds with the default custom error.

When I'm debugging I do break on 2 separate exceptions for PrincipalPermission, whether this is a just a rethrow by .NET I'm not sure but my .NET code never sees the 2nd throw, nor does ELMAH. I always end up with a single response, single error logged, but that the url that finally renders to the browser is the default url and not 403 url that I specifically server.transferred to. If I browse to a /location that is secure I properly get the 403 error page.

View 1 Replies

Converting Declaractive PrincipalPermission To Programmatic?

Dec 21, 2010

I currently have two roles like this:

[PrincipalPermission(SecurityAction.Demand,
Role="DomainAdmin")]
[PrincipalPermission(SecurityAction.Demand,
Role="DomainAnotherRole")]

The problem is that this inherited code is specific to the domain, and I want to eventually get the roles from the web.config file, so I can work on a VM not in the domain. have seen an example like this:

PrincipalPermission permCheck = new PrincipalPermission(
null,
@"DomainAdmin");
permCheck.Demand();

Since this throws an exception if user is not in role, how do I change this example to allow either of the two roles? I could use multiple IPrincipal.IsInRole() and then throw my own exception, but seems like there is probably a way to use the .Demand method with multiple roles. Update 12/21: Sample Code based on Union link from Ladislav's answer below:

PrincipalPermission ppAdmin = new PrincipalPermission(null, @"DomainAdmin");
PrincipalPermission ppAnother = new PrincipalPermission(null, @"DomainAnotherRole");
(ppAdmin.Union(ppAnother)).Demand();

View 1 Replies

C# - PrincipalPermission Versus Web.config For Page Access Controls

Jul 13, 2010

I currently have my access permissions in web.config:

[code]....

This is a very weird one... I just added ASP.NET4 routing, which changes the URLs. So, all of a sudden my web.config permissions are no longer valid! Similar to point #2 above.

I was thinking it would be better to just use PrincipalPermission as security attributes for the classes/c# files involved in each aspx. My question:

More importantly... My PrincipalPermission attribute generates an exception (good) but does not redirect users back to the logon page (bad).

View 2 Replies

Is It Possible To Declarative Pass Properties

Apr 19, 2010

is it possible to declarative pass properties (in my case property of DataContext type) to User Control without DataBinding.

Now code looks like this:

[code].....

View 4 Replies

How To Make All Of The Roles Defined In RoleGroup> Required? (i.e. User Must Meet All Roles)

Feb 24, 2011

Let's say I have a rolegroup as follows:

<asp:LoginView ID="lvDoSomeStuff" runat="server">
<RoleGroups>
<asp:RoleGroup Roles="RoleOne,RoleTwo">
<ContentTemplate>
...
</ContentTemplate>
</asp:RoleGroup>
</RoleGroups>
</asp:LoginView>

Is there a way I can make it so that a user must meet RoleOne and RoleTwo to satisfy the RoleGroup? By default, if a user is in either of the two roles, they will be granted access. I know I can do this via the code-behind, but I'd prefer to be able to wrap some content template with this markup instead of having to wrap it in a panel and hide the panel programmatically.

View 1 Replies

Databinding To A Sub Object Declarative Syntax?

Mar 9, 2010

What is the format for databinding to a complex "object"? I have a linq to sql class that has containment, i.e object.containedobject.I want to reference the sub objects fields declarative.So I've tried my MySubField.MyBasicProperty and that did not work, as well as, MySubField_MyBasicProperty.

View 2 Replies

Sample C# Code To Manage Roles With Roles Provider?

Sep 21, 2010

i want to implement asp.net role provider to assign users over my LAN to roles and have my asp.net intranet app implement security based on roles.

i dont want to use VS to manage this with the built in tools but rather hand this off to users to manage themselves. i want an admin folder with a page(s) for admin roles to be able to create/edit roles and manage users in roles... this way an admin can add a domain user (MyDomainUsername) to a role such as ProojectManager or Tester or Developer... and users wont need to contact me for these tasks...

can anyone provide me a link (or some sample code) to some sample i can use to admin roles and users over a LAN in asp.net with c#?

View 1 Replies

Security :: How To Hide Multiple Roles With Roles.getallroles()

Mar 7, 2011

I have a multi level application that I am developing and need to block multiple rows from being joined. I know how to hide one role but I cannot figure out how to hide multiple.

Here is my current code

[Code]....

View 2 Replies

Generics - Declarative Syntax For A Collection Of Value Types?

Jul 16, 2010

I know that in ASP.NET (talking about 2.0 here primarily) one can set a property on an object that takes a collection of things (an enumerable type I'm guessing is the trigger) and then reference it declaritivly. For example:

<ObjectDataSource properties="blahblahblah">
<SelectParameters>
<asp:Parameter />
</SelectParameters>
</ObjectDataSource>

It is the <asp:Parameter /> part which is the root of my question. Say I wanted a simpler collection on a type. Say a List<String> or if generics are out, an IntegerCollection or StringCollection. How would I use that declaratively? Is <string value=''> allowed, or can I put raw values into it like <StringCollection>string, string, string</StringCollection> or what?

EDIT:

I feel like I was not clear enough in my question. I understand that ObjectDataSource implements its SelectParameters property as a ParametersCollection, and that one can use that property declaratively (in an ASPX page) to set up Parameter types within that collection. What I'm wondering is if I made something like StringCollection as a property on another control, is there a syntax (in ASPX) for adding strings to that collection? Or would I have to define a wrapping class like how DropDownList takes ListItems to fill its collection?

View 2 Replies

Web Forms :: User Control With Declarative Paramaters?

May 19, 2010

Is there anyway to pass parameters to a custom user control using declarative paramters.E.g.

<MyUserContrl id = "" runat="">
<PARAM Title = ""/>
<PARAM SelectTable="" />

[code]...

View 6 Replies

C# - Interdependent Dropdowns In Gridview Using Declarative Programming?

Feb 14, 2010

I have a binded dropdown control in the gridview under edittemplate. Now i wanted to populate the second dropdown in the same gridview based on the first selection. I dont have options but use the gridview & declarative coding.

Also i am using the objectdatasource here.

View 1 Replies

MVC :: Razor: Referencing Declarative Html Helpers?

Dec 15, 2010

I'm trying to write a simple declarative html helper: [Code]....

The helper works fine if I embed it into the page I want to use it on. But if I move it to a separate .cshtml file and place that file in the ~/Views/Helpers directory, my view can't be compiled anymore because the helper is not found.According to Scott Gu's blog article on Razor it should work.

The only workaround I have found so far is placing the Html helper in App_Code and Referencing it as @[MYHTMLHELPERFILENAME].Echo(...) . This works but is a bit messy since I don't want to repeat the name of my extension method (Echo.Echo("inputstring"), nor do I want to put all of my html helpers into one single file (something like MyHtmlHelpers.cshtml).It certainly isn't what Scott announced either, so I guess I must be doing something wrong.

View 4 Replies

Forms Data Controls :: Attribute 'onchange' Is Not A Valid Attribute Of Element 'TextBox'

Mar 31, 2011

<asp:GridView ID="GridView1" runat="server">
<Columns>
<asp:TemplateField>
<ItemTemplate>
<asp:TextBox ID="TextBox1" onchange="calculate()" runat="server" Text="0"></asp:TextBox>
</ItemTemplate>
</asp:TemplateField>
</Columns>
</asp:GridView>

I'm getting this error on the above markup: Message 1 Validation (ASP.Net): Attribute 'onchange' is not a valid attribute of element 'TextBox'.

View 2 Replies

Web Forms :: Getting Error / Unrecognized Attribute 'targetFramework'. Note That Attribute Names Are Case-sensitive

Mar 17, 2011

I have a problem with my web site 1stSigBdeAssn.org. I have made no changes to the site but I now get the following error message:

Parser Error Message:

Unrecognized attribute 'targetFramework'. Note that attribute names are case-sensitive.

Source Error:

[code]....

View 4 Replies

Web Forms :: Attribute 'Master' Not Valid Attribute Of Element 'Control'

Feb 1, 2011

I created a simple Master Page in Visual Studio 2008:

<%@
Master
Language="VB"
CodeFile="MasterPage.master.vb"
Inherits="MasterPage" %>
<!DOCTYPE
html
PUBLIC
"-//W3C//DTD XHTML 1.0 Transitional//EN"

and got green underlined 'Master' with two warning messages: 1.Validation (ASP.NET): This attribute name must be followed byan equal (=) sign and a value. If the value is in quotation marks, the quotation marks must match. 2. Validation (ASP.NET): Attribute 'Master' is not a valid attribute of element 'Control'.How I can get rid of the messages?

View 3 Replies

Web Forms :: How To Add Multiple Controls To Declarative Catalog Part By Default

Feb 11, 2011

i want to add control 1, control 2 etc.. by default in Declarative Catalog Part

and using following code

[Code]....

but it only displays last item in it

any one guide me what mistake am i doing or what is the solution to my problem?

actually i want to give default 4-5 webparts options so that user could add it to page

View 1 Replies

Forms Data Controls :: Exception Handling With Declarative GridView?

Jan 17, 2011

I'm using Visual Web Developer 2010 Express with C# 2008 and .NET v4.0 to create a website which will have a database application. The database is SQL Server 2008.

I would have searched this forum for similar questions but I can't find a 'Search this forum' option! So I apologise if someone has already answered this.

I've successfully displayed rows from my database by dragging and dropping a GridView and an SQLDataSource control onto my page, and by using the Connection Wizard to set them up. But when I go live with my new pages, I will have to put my database in a different folder, and until I edit the web.config connection string to point at it I expect to get an exception.

I understand that when you try and open a database connection, this is the perfect place to use try...catch exception handling. But all the examples I can find put the try-catch code on the Button_Click event! Where should I put it? I can' t find anywhere where my controls actually attempt to open the database!

I know I could rip out what I've done and write all the code to connect to the database myself, but as I've finally got everything to work I would prefer to make the change as small as possible. So, what is the minimum change I have to make to add exception handling to my datasource/ gridview?

View 6 Replies

Security :: Automatically Assigning Roles / Standard Practice For Assigning Roles To Newly Signed-on members?

May 17, 2010

Newb question: what is the standard practice for assigning roles to newly signed-on members. Is it usually manual or is there a way of automatically assigning roles. Being completely new to this, I am confronted by the issue of my site having three different roles that new members could fall into, but am unsure about how to assign each a role. I can't imagine having to go through the process manually if I have thousands of members.

View 6 Replies

Get All Roles, But A Select Few / Get All The Roles Except Administrator?

Aug 13, 2010

I have run into a problem where I need to remove certain items from collections that seem to only have get all functions.

My Idea is to get the full collection and then remove the unneeded items. Then take that new collection and bind it to whatever I need.

For example How do I get all the roles except administrator?

Roles strRoles = Roles.GetAllRoles()
RoleList.DataSource = (Roles) roles; //Roles.GetAllRoles();
RoleList.DataBind();

or How do I get all users but say user123

MembershipUserCollection users = Membership.GetAllUsers();
UserList.DataSource = users;
UserList.DataBind();

View 1 Replies

Forms Data Controls :: ListItem Error Message Validation(ASP .Net):Attribute CssClass Is Not A Valid Attribute Of Element ListItem

Sep 17, 2010

I have a tag:

<asp:ListItem
CssClass="LabelCSS">Executive</asp:ListItem>

and I am getting the error message

Validation(ASP .Net):Attribute CssClass is not a valid attribute of element ListItem.

What attribute would I use for Css with ListItem?

View 2 Replies

Configuration :: Unrecognized Attribute "targetFramework" Note That Attribute Names Are Case - Sensitive While Hosting

Nov 29, 2010

i'm trying to host an .net framework4.0 application in IIS7. i got an error while clicking on the manage module in modules .like ("Unrecognized attribute 'targetFramework'. Note that attribute names are case-sensitive. ") .I changed my application poll to .net4.0.I am able to browse my application

</system.serviceModel>
</configuration>

View 5 Replies







Copyrights 2005-15 www.BigResource.com, All rights reserved