i have a dropdown listS bounded to database
i need that the strongest role- lets say admin would be able to get all the lists from the database
while other roles would be able to see/get less values
I need to populate a dropdown list with users who match certain role criteria. For example, if I have the following roles: Manager, Employee, Supervisor I would like to populate the list with only the Manager and Employee roles. Some individuals have multiple roles and they should be excluded if they also have the Supervisor role as illustrated below:
Name: A , Role(s): Manager, Employee, Supervisor
Name: B, Role(s): Employee
Name: C, Role(s): Manager, Employee
The final list should only contain names B & C.
I can use Roles.GetUsersInRole("Employee") but I am not sure if this is efficient or not.
How do i Limit the dropdown box.OR MultiColumn display in dropdown box
View 1 RepliesI have several pages or views in my application which are essentially the same for both authenticated users and anonymous users. I'd like to limit the insert/update/delete actions in formviews and gridviews to authenticated users only, and allow read access for both authed and anon users.
I'm using the asp.net configuration system for handling authentication and roles. This system limits access based on path so I've been creating duplicate pages for authed and anon paths.The solution that comes to mind immediately is to check roles in the appropriate event handlers, limiting what possible actions are displayed (insert/update/delete buttons) and also limiting what actions are performed (for users that may know how to perform an action in the absence of a button.) However, this solution doesn't eliminate duplication - I'd be duplicating security code on a series of pages rather than duplicating pages and limiting access based on path; the latter would be significantly less complicated.I could always build some controls that offered role-based configuration, but I don't think I have time for that kind of commitment right now.Is there a relatively easy way to do this (do such controls exist?) or should I just stick to path-based access and duplicate pages?
Does it even make sense to use two methods of authorization? There are still some pages which are strictly for either role so I'll be making use of path-based authorization anyway.Finally, would using something other than path-based authorization be contrary to typical asp.net design practices, at least in the context of using the asp.net configuration system?
Usually in sub-folder we will limit the access right to some roles and this feature requires pre-defined database schema.
However, if i still want to use this role feature of asp.net, but I do not like the pre-define database schema, I want to extract role information from my own database table and bind it to the role.
Why asp.net sql role provider does not allow to update the role name , whats its reasons.
View 5 RepliesI'm trying to bind a selected user's role to a dropdown-list. The purpose of this is to be able to change said user's role.
I'm attempting this inside a formview hooked up to a linqdatasource which contains a row from the aspnet_User table.
The dropdown list is hooked up to a linqdatasource of all the roles in the aspnet_Roles table (with DataValueField="RoleID", DataTextField="RoleName").
I figured it would be possible with something like:
SelectedValue='<%# Bind("aspnet_UsersInRole[0].aspnet_Role.RoleID") %>'
But this throws a parser exception, about the bind call not being correctly formatted.
The roles are there, they show up when I remove the "SelectedValue"
1) I'm currently working for HR application with security roles
2) for that I created dynamic menu and set data source to sitemapprovider control with "AspNetSqlSiteMapProvider"
Now my client requirement is to change menu's based on drop down selection so that menus will be minimum and quite user friendly.for that I did following steps:-
Created Drop Down contains list of all Roles provided him in Master Page In Menu1_MenuItemDataBound event I grabbed the roles for that node and compared with role selected in drop down and deleted that node now what i need is on drop down_selected index change I want to recreate menu.
I have notice that the UpdatePanel post every field included on the form on every trigger.
But in most of my cases I use 2-3 UpdatePanels at the same page, and each one is independent.
When I click for update the one panel, then my page receive all the input data of the page (ok this is logical) but I won to read only this UpdatePanels data and act according, and not the other panels data.
So I see that a lot of traffic is happened this way.
So is there a way to say to one UpdatePanel - send only my input data, and not everything found on the page. ?
I have repeater which shows a list of users and there roles. There is also a dropdown list to chnage there role see below
<td><asp:DropDownList ID="ddlChangeType" class="controlwidth100" runat="server" AutoPostBack="true" OnSelectedIndexChanged="change" /></td>
the change event works but what I need is the ID of the row so the user can be updated.
I Have the gridview control with 2 dropdown list and 2 text boxes,When the textbox chnaged event happen 1 row will create and the dropdown back to initial values( its not retaining the selected values),I am binding the control after text changed method,Is there any properties needs to be set or any other way we can retain the values in postbacks?
View 4 RepliesWe use Sharepoint to control our websites. We build the sites, then load them into the sharepoint server. My question is if I use windows authentication, how can I get my role security in my web config file to coencide with the asp.net controls that use the Forms authentication. Is there a differenence? Our security uses a session variable for security but there is no where to set up their permissions except in active directory. I hope this makes sense because I would like to implement the LoginView with Role groups but how can I give them the role="administrator"? Do I have to go into active directory and give them these permissions(would take awhile due to the size of the company)? Or do I have to set up priveladges in the web.config file for each user(difficult I think)?
View 5 RepliesI have implemented role based security in my asp.net 2.0 vb.net application using windows authentication and the windowstokenroleprovider and limiting access to certain pages using the location tag to specific active directory groups.
The issue is that when a user tries to access a page they are not authorized to view it brings up a login prompt and when it does not pass it takes them to the default page that tells them they are not authorized to view the page. I am wondering if there is a way to throw up a custom page that tells them they are not athorized to view the page that I can incorporate into the site itself with the header and so forth? if this page could come up in lieu of the sign in box popping up as well.
How can i get the role id, rather than the role name?
For instance with the code below
Dim roles1 As String() = Roles.GetAllRoles()
GridView1.DataSource = roles1
GridView1.DataBind()
I can access the role name in the gridview like below, but how could I get the ID to pass in a hyperlink?
<asp:Label ID="lbl1" runat="server" Text='<%#Container.DataItem.ToString() %>' Visible="false" />
I want to implement role base access security on a script instead of database .
Using asp.net 2008
Considering various different user roles in scripting- role base access on same page. not in the database Different user should be able to see only particular information on the page, which is assign to him. This should be done on the bases of scripting not in the database.In short administrators and users contains should be on one page and they should be distinguish according to the role of administrator and user on same page.
Need to put validation and verification on the scripting page, not from the database.
My CLIENT REQUIREMENT IS :-
Defination of project
The goal of this project is to extend role-based access from data to scripts. The users are classified into different roles. A script will display different information according to the role of the user.
The main aim behind implementing this project is, as nowadays people try to access the code and try to break into the secure codes via cookies as well as link information along with domain names. So in order to prevent this if the role base access security is kept on a script instead of database then it might be possibly less chance of breaking this kind of security.
In making this kind of functionality we need to deal security of webpage with the help of script. So the whole idea is to identify the user and separate contains which are only accessible to the specific user. In order to research and implement this project, we need to have core understanding and knowledge of the scripting fundamental and how exactly the scripting is working on webpage.
So looking towards this project we are planning to deal with somehow role base access in scripting.
Nowadays you might have seen security has become a larger issue, moreover providing security on website is one of the major concerned in today's life. As the network of wired and wireless network has extended in very large volume, you can see unsecure internet access in many place and in this unsecure there might be possibility of hacking becomes very easy.
So in order to make this security tight or in order to make website more secure we are planning to build this project.
in a web form, i am having two drop down controls, and in the first one control i am having, state names like some thing, and in another i have to fetch the concurrent city names for the first control, like if i select city name as 'A' it must fetch the related city names for the 'A' how could i do this.
View 2 RepliesI want to limit the allowed uploaded file types to images, pdfs, and docs. What is the recommended way to approach this?
I assume checking the file extension alone is not enough, since an attacked can change the file extension as he wishes.
This is basically for a course management system for students to upload assignments and teachers to download and view them.
I have set Private Memory limit of 200mb in IIS 7 for an application pool. The Private Working Set memory(Task Manager) for the application is always below 125mb but the number of page faults have increased a lot and application cache is getting cleared frequently after setting the limit.
I haven't set any limit on Virtual Memory.why the cache is getting cleared even when the Private memory used is below the allocated memory?
I created a website and i restrired the website such a way that i can be acessed from a IP i configured.I did this as shown in below steps which i got from:
http://support.microsoft.com/kb/324274
Under IP Address and Domain Name Restrictions, click Edit.
Do one of the following:To deny access, click Granted Access, and then click Add. In the Deny Access On dialog box that appears, specify the option that you want, and then click OK.The computer, group of computers, or domain that you specified is added to the list.
To grant access, click Denied Access, and then click Add. In the Grant Access On dialog box that appears, select the option that you want, and then click OK.
The computer, group of computers, or domain that you selected is added to the list. Click OK.
But its not working . I am able to browse from other machine which have a different ohter IP. Do i have to configure somewhere else ?
I've set up a login control on a Login.aspx web page, which is authenticated using xml.
How do I stop people visiting my admin.aspx page when they are not logged in?
I know I can use [assembly: FileIOPermission(SecurityAction.RequestRefuse, Unrestricted = true)] to limit user to access disk files, now I hope to limit user to access database and web.config file, how can I do?
View 2 RepliesIs there a technical/performance limit on the number of roles an application handles? I'm in the process of designing an application which I forsee having a lot of roles created, to be able to handle the degree of granularity the system should have (e.g., permissions per project, where there could be a lot of projects).
Would you recommend another approach other than using roles for this kind of granularity?
I have a couple of aspx pages in c# and want to apply security on them. The way the current security works is that each user is assigned a role to enable him to add,edit or delete . for instance I have 3 roles, Accountant, finance and clerk,
[code]...
I have an application that uses Forms Authentication and Role Management. I have a few users with more than one role associated to the user. Based on certain roles, the navigation menu displays certain menu options.
Right now, if the user has more than one role, the menu shows the items that are in both roles instead of the items that are in the particular role that the user is logged into or currently set to.
I'm creating an Authentication Ticket to log the user in and I'm passing the active user role as follows:
authenticationTicket = New FormsAuthenticationTicket(1, UserName, DateTime.Now, DateTime.Now.AddMinutes(20), False, UserRole)
Is there anyway to set the user to one particular role and have the application see the user in this single role instead of reading all the roles that the user is in?
Is there any way that I can find the exact name of the role a User is in? There is a property for UserName ( User.Identity.Name) but what about the role?
View 1 Replies
