Authorize Pages Based Upon The Data Present In The Query String Of A Url, Not Just The Page Name?
Aug 31, 2010
Summary: I need to authorize pages based upon the data present in the query string of a url, not just the page name.
Background:
Let's say I'm building a library inventory system. Users can be created and assigned to a single library in either an Admin or User role. There are hundreds of competing libraries in the same database, so it's important to ensure that users of one library cannot view inventory from another library.
Right now I'm using a pretty standard ASP.NET setup: Forms Authentication using the SqlMembershipProvider. Authorization using the SqlRoleProvider, configured via <authorization> sections in the web.config. Security trimming with the SiteMap provider to hide unauthorized pages.
To control the inventory information from leaking, I'm manually checking a user's associate library ID with every inventory query. It works, but it's tedious and prone to errors. There has to be a better way.
Question:
Now users have the ability to create arbitrary "collections" within a library. (e.g. Collection A has Books 1, 2, & 3 in it.) Admins want the ability to grant Admin / User access on individual collections, not just the entire library.
So, if a user goes to www.com/Book.aspx?BookId=1, the system needs to ensure that user has permissions for the collection that "Book 1" is in before showing the page. If they go to www.com/Reviews.aspx?ReviewId=23, I need to make sure the Review is for a book that is in a collection that they have permission to view.
1) How can I implement this in the most standard ASP.NET way possible?
Manual checking within a base page?
A custom HttpModule?
A custom Role Provider?
I'm not interested in how to store the admin/user permissions, but rather how/where to authorize based on those permissions.
(examples on how to implement any of those are appreciated)
2) To further complicate it, I'd still like security trimming to check if the user has Admin rights on any collection or library and hide the admin pages if he doesn't.
View 1 Replies
Similar Messages:
Feb 25, 2010
i have a page with a piece of code. what the scenario is that that page can have more than two querystrings. for example it may have home.aspx?pck=1 or sumtimes it may have home.aspx?name=a
so i want to redirect to someother page based on the query string the page has.
[Code]....
this is what i have done now....bt couldnt work through it...its raising an exception saying "reference is not set".
View 3 Replies
Mar 9, 2011
I've a page in ASP.NET, whose appearance can change based upon a given parameter(say query string),
How can I achieve this in ASP.NET, Master pages concept won't work here, as even the contents of the page and positioning of the controls on the page can change based upon the parameter.
One solution I can think of is using XSLT, but is there any other solution I can use to solve this problem? Is there any concept of templates I can use here?
View 1 Replies
Oct 6, 2010
Question basically crams it all in... I'm loading a page with a querystring (ID), and I need to use that ID to set the selected item of a ListView when the page loads. The ID is a DataKey on the ListView. I have no code of value to post--none of my attempts at this work.
View 2 Replies
Aug 9, 2010
In my Application_BeginRequest I have code that gets query string value ?c=FR or ?c=US and store it in cookies.Based on query string value I have either US or FR,locale is selected from locale table.If ?c=FR then locale will be fr-FR and if it is US then locale will be en-US.My code is below.
void Application_BeginRequest(object sender, EventArgs e)
{
LocalizationInfo loc = GetLocalizationInfo();
if (Request.Cookies["Localization"] == null)
Response.Cookies.Add(new HttpCookie("Localization"));
Response.Cookies["Localization"]["Country"] = loc.Country;
CultureInfo objCI = new CultureInfo(loc.Locale);
Thread.CurrentThread.CurrentCulture = objCI;
Thread.CurrentThread.CurrentUICulture = objCI;
}
public static LocalizationInfo GetLocalizationInfo()
{
string countryCode = "";
string sLocale = "";
if (HttpContext.Current.Response.Cookies["Localization"]["Country"] != null)
countryCode = HttpContext.Current.Response.Cookies["Localization"]["Country"];
if (!string.IsNullOrEmpty(HttpContext.Current.Request.QueryString["c"]))
countryCode = HttpContext.Current.Request.QueryString["c"];
if (countryCode == "")
countryCode = "US";
sLocale = HertzRent2Buy.DataProvider.ListData.GetLocale(countryCode);
LocalizationInfo ret = new LocalizationInfo();
ret.Country = countryCode;
ret.Locale = sLocale;
return ret;
}
public struct LocalizationInfo
{
public string Country;
public string Locale;
}
Now when I run the project and in query string I set [URL] then for the very first page(home page itself) it shows me French translation,but on subsequent page,that query string parameter ?c=FR is lost and hence it shows be English translation not French translation since it does not pickup French resx file.If I manually append ?c=FR in subsequent page then it shows the French translation.Is there is way how I can make that query stringparameter available in all pages.Structure is there to hold Country and locale variables. In all pages I am calling GetLocalizationInfo() method as follow
LocalizationInfo info = some.DataProvider.Globalization.GetLocalizationInfo();
And I create instance info to pass locale and country as parameter. GetProductDetails(id,info.Country,info.locale). why my query string parameters get lost on subsequent pages.
View 1 Replies
Jan 13, 2010
I need to know how can I select a gridview row based on a query string data. In my case, the query string will contain the id that exist in the Table related to that grid. Is there a way to do this from the code behind? In other words, if I click a link with that specific query string, can I open the page and tell my grid to select a specific row based on the table row id?
View 1 Replies
Apr 14, 2010
I want to add a class to a div inside my repeater control based on whether the query string value is true or false, so that I can style it differently.
View 6 Replies
Feb 8, 2011
i dont understand where is the problem with my code. i need to pass the request_id to another page but it is always passing the integer values as 0. whenever it comes to pass integer values it is passing it as 0 even if i perform conversion of string to int.
[Code]....
View 6 Replies
Jun 21, 2010
On the left hand side I have a tree navigation . It is populated from a XML file with . What I want to achive is when a querystring of the value of the XML file is matched , the tree node sets a setfocus or highlights on a particular node from the querystring passed through. I cant find a method which mimmicks findtreenode with value x and sets a selected .
e.g treenode is filled
home
|
folder 1
| -- item 1
| -- item 2
|
folder 2
| -- item 3
| -- item 4
when a querystring of SC=Item 1 is passed , it should search against the tree and open the folder branch and select item Item 1
I can use a for next loop and loop through each node but it will get slower as more nodes are added.
View 2 Replies
Nov 23, 2010
I have a HyperLink column in a gridview that when clicked should navigate the user to another page. I pass parameters to the page using a querystring. i want to encrypte the querystring when it passed to another page
View 1 Replies
Jun 18, 2010
my requirement is : am having a excel sheet with some values listed i want to pass each value present in any(specified) column to a text box present on a remote page (a site other than mine) as a input and capture the result displayed on the page and then store the input and reuslt side by side in db this should repeat till the end of the input values in the excel sheet.
View 2 Replies
Jan 26, 2010
This query does not return any record
[code]....
View 3 Replies
Nov 25, 2010
I have a page A with an EDIT LINK. When click it sends a parameter to a second page B, which contains a DetailsView in Edit mode.Page B take care of editing the details.
A.aspx?AuthorId=89
My problem is: I am not able to visualize the Right AuthorId passed from page A.aspx in the DetailsView in B.
What I am missing? Please if you have send me a link with some tutorials. Thanks for your time!
Here code for DetailsView -----------
<asp:DetailsView ID="DetailsView1" runat="server" AutoGenerateRows="False"
DataKeyNames="AuthorId" DataSourceID="EntityDataSource1" Height="50px"
Width="125px" DefaultMode="Edit">
<Fields>
<asp:BoundField DataField="AuthorId" HeaderText="AuthorId" ReadOnly="True"
SortExpression="AuthorId" />
<asp:BoundField DataField="UserId" HeaderText="UserId"
SortExpression="UserId" />
<asp:BoundField DataField="FirstName" HeaderText="FirstName"
SortExpression="FirstName" />
<asp:BoundField DataField="LastName" HeaderText="LastName"
SortExpression="LastName" />
<asp:BoundField DataField="NoteInternal" HeaderText="NoteInternal"
SortExpression="NoteInternal" />
<asp:BoundField DataField="ContentAuthor" HeaderText="ContentAuthor"
SortExpression="ContentAuthor" />
</Fields>
</asp:DetailsView>
View 2 Replies
May 7, 2015
How Can Redirect Search TextBox Value to default page On Search Button Click Asp.net..Here is my Code
div>
<asp:TextBox ID="TextBox1" runat="server" Height="37px" Width="526px" style="background-color: #CCFFFF"></asp:TextBox>
<asp:Button ID="btnsearch" runat="server" placeholder="Search By Brand Name" Text="Search" OnClick="btnsearch_Click" Style="font-weight: 700; color: #0000CC; background-color: #FF6600;" Height="39px" Width="108px" />
<asp:Label ID="Label4" runat="server" Text=""></asp:Label>
</div>
I Have A TextBox for Search Box And A button On My About Us Page ...i want to redirect The Search Box Value On default Page With Search Data from My Datalist That is belongs to Default Page.When I Click On Search Button The Value of Search Box Redirect To Default Page And Show value Data from Datalist
View 1 Replies
Apr 15, 2010
I am using a master page with a treeview control. I have 2 other pages Summary.aspx and Home.aspx
I want the Summary page to be loaded when I run the application but afterwards I want to load the Home.aspx page based on the selected Node change event of the treeview control.
I have placed the treeview control in master page because it has to remian the same for all my pages.
Did I do something wrong? The problem is I am not able to load the pages based on events occuring for Tree view control.
View 1 Replies
Jul 12, 2011
I have a simple intranet site. It has a role based authorization in the web.config file.
Any user's in a specific role called as "Apr-Sales-Writers" will be authorized to use those pages. If not, they will not be authorized. So far so good. Works fine. But we added additional functionality where a new active directory group (means new role) has to be added and user's belonging to this new AD group should be given access to only specific .aspx pages on the intranet site. I am using a web.sitemap and it looks like this.
If the user's belong to say AD group "Apr-Sales-Writers", they should access only default.aspx and salesData.aspx pages. User's belonging to new AD group (which I did not include in the web.config file below), should have access to other .aspx pages.
[CODE]<?xml version="1.0" encoding="utf-8" ?>
<siteMap xmlns="http://schemas.microsoft.com/AspNet/SiteMap-File-1.0" >
<siteMapNode url="default.aspx" title="Home" description="Home">
<siteMapNode title="sales Data" description="sales Data">
<siteMapNode url="salesData.aspx" title="sales Data" description="sales Data" />
[Code] ....
View 7 Replies
Mar 2, 2011
Suppose I have one table called [Code]....:
[Code]....
I want to see the specialist name and his jobs IDs horizontally.
[Code]....
A specialist may have
[Code]....
jobs. Suppose specialist
[Code]....
has 10 jobs where BEN has 5 jobs.
In this way I want to show specialist his jobs horizontally where the number of jobs may vary per specialist.
How can I do this in SQL?
View 13 Replies
Dec 5, 2010
How do I create a query string from photopath on my database.aspx page to my handler.ashx page. I want the handler page to pick up on my photopath string contained here:
protected void GridView1_SelectedIndexChanged(object sender, EventArgs e)
{
protected void GridView1_SelectedIndexChanged(object sender, EventArgs e)
{
string PhotoPath;
GridViewRow row = GridView1.Rows[GridView1.SelectedIndex];
PhotoPath = row.Cells[5].Text;
PhotoPath = HttpUtility.UrlEncode(PhotoPath);
HttpWebRequest request = (HttpWebRequest)
WebRequest.Create(PhotoPath);
HttpWebResponse response = (HttpWebResponse)
request.GetResponse();
Stream resStream = response.GetResponseStream();
using (System.Drawing.Image img = System.Drawing.Image.FromStream(resStream))
{
img.Save("temp.jpg", ImageFormat.Jpeg);
}
}
}
}
}
}
}
and then to retrieve it in my GetImage.ashx handler page here:
public class GetImage : IHttpHandler
{
public void ProcessRequest(HttpContext context)
{
{
string PhotoPath = System.Web.HttpContext.Current.Request.QueryString["PhotoPath"];
PhotoPath = HttpUtility.UrlDecode(PhotoPath);
FtpWebRequest request = (FtpWebRequest)FtpWebRequest.Create(new Uri(PhotoPath));
request.Method = WebRequestMethods.Ftp.DownloadFile;
request.Credentials = new NetworkCredential("Administrator", "commando");
try
{
FtpWebResponse response = (FtpWebResponse)request.GetResponse();
Stream stream = response.GetResponseStream();
byte[] bytes = new byte[2048];
int i = 0;
MemoryStream mStream = new MemoryStream();
do
{
i = stream.Read(bytes, 0, bytes.Length);
mStream.Write(bytes, 0, i);
} while (i != 0);
context.Response.Clear();
context.Response.ClearHeaders();
context.Response.ClearContent();
context.Response.ContentType = "image/jpeg";
context.Response.BinaryWrite(mStream.GetBuffer());
}
catch (WebException wex)
{
//throw new Exception("Unable to locate or access your file.\nPlease try a different file.");
}
catch (Exception ex)
{
throw new Exception("An error occurred: " + ex);
}
}
}
public bool IsReusable
{
get
{
return false;
}
}
}
}
View 1 Replies
Feb 23, 2011
i have a page from which i send a email to a client which has link to this page with a query string. when we click we fetch the value of query string in the page load. But its showing an error when we load the page because at that time we are not sendign the query string.
View 3 Replies
Jan 17, 2011
I have an ASP.NET website in which I have to perform a certain operation. I have to displaying the ID's from the DB on menu.aspx page in this format {1:2:3:4}. The above format is not a problem and can be just be written with
[Code]....
But here comes my question. I have to generate this ID when the user types the query within the URL somewhat like
[Code]....
Note that I am saying that user will type this URL. I know that query string can pass the values from one form to another but this is a single web form and if I attach this [Code].... , it should return the result. How can this be done?
View 3 Replies
Jul 26, 2010
I have page A, B and C. In the page load of C, i have used a query string parameter to display some tables depending on where it came from, either A or B. Page C has Cancel button. When a user clicks Cancel, it has to check where it came from and should redirect to same page, i mean either A or B. I am not at all sure how to use query string for redirecting.
View 2 Replies
Mar 6, 2011
I have a page signup.aspx where user can register, how this page will find from which page request came from and how it will redirect user after registration to the requesting page, i want to do this using query string but don't know how PLZ SHOW ME CODES.
View 2 Replies
Mar 2, 2015
I have a page on my website with access granted to logged in users (I'm using the built in asp.net membership database). This works.
However, when passing a querystring parameter in combination with that url address, the user is denied access.
View 3 Replies
Jun 6, 2010
Suppose i have String like this "hgh343", "kjk98". Is there any Function available in .NET that will find the numbers present in the String ? i.e., from first string 343 and from second 98 will be returned.
View 7 Replies
Jun 3, 2010
I am trying to retrive the query string value and display it on the aspx page. The query string is passed from a gridview. Everything works fine except i noticed that when there is an '&' in the query string then the label on the page will display only uptil the '&' (i.e. excluding the '&'). Just so to let you know. I retrive the value of the querystring into a string variable and then assign it to the variable. I have noticed this only for '&' character but maybe there are more characters with sinmilar bahaviour that I am not aware of.if anyone has a workaround on displaying all the content from the querystring then do share.
View 4 Replies
