I have a website created in ASP.Net 3.5(C#) and I have configued asp.net defalut membership provider for it.There are 5 different type of roles in this site. Now I want to display a small role based (i.e. depending upon the logged in user's role) menu whenever a user log-in to the site.For this I have added the code in the OnPageLoad() event of the master page, here is the code -
Now I wanted to know Is this code is logcally correct? And what is the security level of this code?
I hv created menu using sitemap xmldatasource now i want to display that based on Category or Roles. I have Created 4 Category in my sql Server 2005. when particular user logged in based on his Category menu nodes should display.
My web app has 3roles, I need to lock down certain sitemap menu items based on the users role and what I'm using isn't working.
my roles are Supervisor, manager, and User.
I only want those roles to see those menu options, I do not want someone with a user role to see those options at all. Currently if I log into my site with a user role, I'm seeing everything on the menu (via the sitemap).
I'm trying to allow logged user who are in department XYZ to perform some task for my third party App. I have two SQL tables named Users & UserList. The third party app (GoldMine) graps the USERNAME from the Users table and store it as UserID which I then referecnce SessionID. The UserList table has two columns (GM_UserName & Department) which I'm interested in. When a user login into the 3rd party app (GoldMine), i then compare the USERNAME (from Users table) to GM_UserName (from UserList table) and see whether GM_UserName is in = 'Dept XYZ'. Take a look at the SQL query below.
sqlDept = "SELECT USERNAME FROM Users LEFT JOIN UserList ON UserList.GM_UserName=Users.UserName WHERE UserList.Department ='Dept XYZ'"
I'm able to do this.
If Session("Userid") = "TestUser1" Or Session("UserID") = "TestUser2" Then Do this Else Do that End If BUT unable to do this... If user's Department = 'Department XYZ' Then Do This Else Do that End IF
I want to display a menu (which will be strongly typed with it's own unique model) across all pages only if a user is logged in.What menu items are available depend on the user's role and also I'll need to hit the repository to get numbers like "x Messages", etc
Been scratching my head for a simple solution here. Don't want to create something that need changes all over the place.All my controllers derive from a BaseController, all my Models from BaseViewModel....probably where I'll be implementing functionality for this.
How to access datas based on user roles in asp.net ? For example : i have two admins (admin1, admin2). In the frontend ,admin1 has full access to datas(view,add,edit,delete all datas) while admin2 has limited access to datas(view,add,edit,delete certain datas alone and not all datas)
I want to know how can i redirect a user to a different page when he tries to access a page restricted to another role?
The scenario is as follows:
I have a folder "Gestao" that only allows users in role "Administrator"
If an anonymous user tries to access that folder he is redirected to the login page, but if a logged in user whose role is "friend" tries to access this folder he is also redirected to the login page. I want to redirect him to a page showing a message that he has no permission to access that page/area.
How can I do that? Should i have code on the Page_load event of the login page checking the user role and then redirect him to the correct page? Or is there some otherway to do this?
Im going to develop an application with MVC.My app should have different kinds of users with different privileges...Users should also have a relation with one of many deparments.Im using Linq2sql classes.Questions:Should I use the built in system authentication?How should I implement it so that I can relate Users with departments??How would I add the privileges to limit actions based on the role of the user??..This is all pretty basic so Im sure I shouldnt need anything beyond the built in authentication system... correct?
I have several pages or views in my application which are essentially the same for both authenticated users and anonymous users. I'd like to limit the insert/update/delete actions in formviews and gridviews to authenticated users only, and allow read access for both authed and anon users.
I'm using the asp.net configuration system for handling authentication and roles. This system limits access based on path so I've been creating duplicate pages for authed and anon paths.The solution that comes to mind immediately is to check roles in the appropriate event handlers, limiting what possible actions are displayed (insert/update/delete buttons) and also limiting what actions are performed (for users that may know how to perform an action in the absence of a button.) However, this solution doesn't eliminate duplication - I'd be duplicating security code on a series of pages rather than duplicating pages and limiting access based on path; the latter would be significantly less complicated.I could always build some controls that offered role-based configuration, but I don't think I have time for that kind of commitment right now.Is there a relatively easy way to do this (do such controls exist?) or should I just stick to path-based access and duplicate pages?
Does it even make sense to use two methods of authorization? There are still some pages which are strictly for either role so I'll be making use of path-based authorization anyway.Finally, would using something other than path-based authorization be contrary to typical asp.net design practices, at least in the context of using the asp.net configuration system?
I'm not sure if this is possible or not, I'm using Roles to limit what pages a user can access based on there assigned Role. My question, is there anyway to redirect the user to a specific web page based on thier role after they login.
If Bob logs in with Role="Automotive", I want him to be redirected to Auto.aspx.If sue logs in with Role="Clothing", i want her to be redirected to cloths.aspx.
I have a tricky requirement where I need to categorise documents attached to a product, available for download, based on the status of the user viewing the product. I.e. my site displays a list of products, clicking on one displays a product details page, and this page includes a list a documents related to the product, such as data sheets, user manuals, etc.
I have been asked to group documents into three classes of availability, v.i.z. those available freely to all users, including anonymous; those available to logged on users; and those available to anonymous users that provide contact information before downloading the document, presumably to boost sales leads.
The anonymous and logged on availabilities are quite easy, but the third seems a bit tricky to me. My first question is, is there a way I can filter documents for only logged on users without hooking into ItemDataBound or something, and my second question is, what is recommended for the case where a user must supply contact information to download a document?
In the second question, it has crossed my mind to actually register the user, but without them having to visit the new user registration page, and then I have role based filtering of documents. Currently the new user registration process automatically adds the Member role to all new users. Users I register 'quietly', just so they can download a document, wont be assigned the Member role, distinguishing them from normally logged on members.
I have a Menu control in MasterPage based on web.sitemap file. My website has roles enabled (AspNetWindowsTokenRoleProvider) and uses Windows authentication mode. So, user has to be in a specific Windows Group to be able to access the site. I need to allow some users to see all menu nodes and some restricted set of nodes. How do I do that?
I would like to be able to create, say following Windows groups:
I want to execute some logic if the Logged in User can view a page "~/MyPage.aspx". IF the logged in user should be elligible to view the page is determined by the role based security I configured in the web.config file. There are many methods to find out if the user is in role XXX or not. But I did not find any method to find out if the user can view a page or not ahead of transferring the user to that page. Maybe I will hide a link to a specific page to the logged in user if the user is not elligible to view that page if I know the technique i am asking here to know.
Im pretty much a newb when it comes to developing throuh ASP.net. I was wondering if there is a way to allow users who create new accounts using the "Create New User Wizard" through VWD to select the type of role they belong to, or do I have to build a custom extender to do that?
The reason for this is I want the end user to select what "Type" (Role) of user they are and then have their user role page load and store their personal information in that role's section of the back end sql database.
I am creating a interface for User Role Management based on built in membership provider.I want to display all the roles as check boxes for a selected user. I am able to display all the roles in the database, but not able to load the specific user roles. For example, I am able to publish role 1 role 2 role3 role 4 as check boxes. But if the user is already flagged as role 1 and role 3, I am not able to show that data (role1 and 3 should be checked when form loads, but right now, they are not checked)...How do I get the roles as checked boxes display on a page.I am using a repeater control to display roles as check boxes on the page..
i am using detialsview control.here i have edit and delete button. i am using autogenerateitbutton="true" autogeneratedeletebuton="true"**now i have user role as **admin ** and *normal user*** in DB i table as user column roleID, **here "1" is admin " 2" is normal user"**if the role type is admin(1) then show both edit and delete button if the role type is mormal(2) user then dnt show these two button for noprmal userhow can i achive this functionlity done here in detialsview control**how can i get these controlID(i.e edit and delete button) in .cs file based on that i need to show the edit and delete button**
I need to create a web page where the user can select from a variety of categories via a dropdown list, then enter a search term into a textbox to provide a search term. The category is going to dictate which controller to use, and the search term will be a query parameter for the List action of each controller.
What I can't figure out is how to dynamically create the route based on the users selection. How do I get the values selected from the dropdownlist and textbox into Url.RouteUrl?
We have an application where the controls are dynamically added to the form based on the logged in user,
This user controls related data is stored in the database. There is lot of logic in the code behind in the asp.net webforms which is so messy to maintain it, we are planning to re-write it using the MVC framework.
I would say there would be rougly 50 different forms based on the user logged in, is it good idea to create so many views and redirect to the appropriate view based on the logged in user, in some of the forms there might be minor difference like the order of the Control might change.
I am using 5 ,6 user control. I wanted to load diffrent user control on Click of menu bar. Means when I click on first link of Menubar 1 user control should load and 2 loaded when i Click on 2 link of menu bar. How to do that?
I am createing user dynamially with the below code; string MyPassword = Membership.GeneratePassword(8,0).ToString(); Membership.CreateUser(TextBox7.Text, MyPassword, TextBox8.Text); but before I start creating, I would like to check if the user name is used before or not.
Im working with asp.net web application,I need to get multiple gridviews dynamically based on the count (which i get from database) for that i took a web user control and i added a gridview there . iwant to load that usercontrol in aspx.cs based on the count..
I wont to create a User Control based in gridview that have the edit add delete incorporate,the problem is these:In the admin part of my web site i have to repeat the same action for view add delete update the data for different datasource.I wont to create a generic gridview that have incorporate these action.The gridview can take a xml file for configure him self dependently of the request for desplay the data.
I have two member roles at my project: 1.) Administrator 2.) Member
From the toolbox in Visual Studio 2008, I have dragged and dropped the create user wizard into the stage. I aim that a guest can register itself and automatically join the "member" role. Not the role "administrator". How can I do that?