Authentication - How To Limit .net Control Actions Based On User Role

Mar 12, 2010

I have several pages or views in my application which are essentially the same for both authenticated users and anonymous users. I'd like to limit the insert/update/delete actions in formviews and gridviews to authenticated users only, and allow read access for both authed and anon users.

I'm using the asp.net configuration system for handling authentication and roles. This system limits access based on path so I've been creating duplicate pages for authed and anon paths.The solution that comes to mind immediately is to check roles in the appropriate event handlers, limiting what possible actions are displayed (insert/update/delete buttons) and also limiting what actions are performed (for users that may know how to perform an action in the absence of a button.) However, this solution doesn't eliminate duplication - I'd be duplicating security code on a series of pages rather than duplicating pages and limiting access based on path; the latter would be significantly less complicated.I could always build some controls that offered role-based configuration, but I don't think I have time for that kind of commitment right now.Is there a relatively easy way to do this (do such controls exist?) or should I just stick to path-based access and duplicate pages?

Does it even make sense to use two methods of authorization? There are still some pages which are strictly for either role so I'll be making use of path-based authorization anyway.Finally, would using something other than path-based authorization be contrary to typical asp.net design practices, at least in the context of using the asp.net configuration system?

View 3 Replies


Similar Messages:

MVC :: Strongly Typed User Control On All Pages Based On Login Status And User Role

May 9, 2010

I want to display a menu (which will be strongly typed with it's own unique model) across all pages only if a user is logged in.What menu items are available depend on the user's role and also I'll need to hit the repository to get numbers like "x Messages", etc

Been scratching my head for a simple solution here. Don't want to create something that need changes all over the place.All my controllers derive from a BaseController, all my Models from BaseViewModel....probably where I'll be implementing functionality for this.

View 3 Replies

Security :: Use A Forms Based Authentication When Using A Role Manager?

Nov 30, 2010

is possible or do you have to use a forms based auth when using a role manager?

View 1 Replies

Security :: Finding Guideline For 'Role-based Authentication/authorization'?

Aug 26, 2010

In my asp.net website in VS-2005 with SQL-Server 2005 as db, I need to implement role-based Authentication/Authorization.

I am familiar to the practises used in role-based authentication..as I have previously worked on projects that used this method. However, my project lead used to design the database. Now I have an existing website where authentication has been set to anonymous by setting 'allow users="?"' in the authentication tags in web.config.

If I use the createUserWizard control and use the Membership.creatUser(.....) method in code behind will the asp.net security tables, like users, roles, userinrole etc get created on its own?

View 3 Replies

Security :: Role Based Authorization Using Froms Authentication Fails?

Oct 5, 2010

I am trying to implement a simple role based authorization using forms authentication in ASP.net. It works perfectly fine in my local system but fails when I deploy in production (shared hosting). Whenever I try to log in, rather than taking me to the default page in specified directory it throws me back to the login page. I suspect that there is some issues with the configuration but not sure where the problem is. The code is provided below:

Web.config (root):

[Code]....

Web.config (Member directory):

[Code]....

Login.aspx:

[Code]....

Global.asax:

[Code]....

Works fine in local machine but shared hosting is not taking the authenticated user to the pages inside the secured folders. What can be the issue?

View 1 Replies

Security :: Enable User To Edit / Delete Based On User's Role Permission

Feb 24, 2011

I'm trying to allow logged user who are in department XYZ to perform some task for my third party App. I have two SQL tables named Users & UserList. The third party app (GoldMine) graps the USERNAME from the Users table and store it as UserID which I then referecnce SessionID. The UserList table has two columns (GM_UserName & Department) which I'm interested in. When a user login into the 3rd party app (GoldMine), i then compare the USERNAME (from Users table) to GM_UserName (from UserList table) and see whether GM_UserName is in = 'Dept XYZ'. Take a look at the SQL query below.

sqlDept = "SELECT USERNAME FROM Users LEFT JOIN UserList ON UserList.GM_UserName=Users.UserName WHERE UserList.Department ='Dept XYZ'"

I'm able to do this.

If Session("Userid") = "TestUser1" Or Session("UserID") = "TestUser2" Then Do this Else Do that End If
BUT unable to do this...
If user's Department = 'Department XYZ' Then
Do This
Else
Do that
End IF

View 2 Replies

User Controls :: Show Hide Specific Section Of Page Based On User Type Or Role

May 7, 2015

I have LOGIN PANEL for student, and I want to disable it in different page. And only the admin can enable and disable it. I dont know the logic behind here.

View 1 Replies

Security :: Want To Redirect The User After The Log In Based On His Role?

Mar 17, 2011

i want to redirect the user after the log in based on his role. e.g. admin, userI already read the other threads.. I already used this:

[Code]....

And this:

[Code]....

I also tried the above codes on the Page_Load event.

View 7 Replies

C# - Access Datas Based On User Role?

Mar 21, 2011

How to access datas based on user roles in asp.net ? For example : i have two admins (admin1, admin2). In the frontend ,admin1 has full access to datas(view,add,edit,delete all datas) while admin2 has limited access to datas(view,add,edit,delete certain datas alone and not all datas)

View 2 Replies

Security :: How To Redirect Logged In User Based On Role

Nov 25, 2010

I want to know how can i redirect a user to a different page when he tries to access a page restricted to another role?

The scenario is as follows:

I have a folder "Gestao" that only allows users in role "Administrator"

[Code]....

If an anonymous user tries to access that folder he is redirected to the login page, but if a logged in user whose role is "friend" tries to access this folder he is also redirected to the login page. I want to redirect him to a page showing a message that he has no permission to access that page/area.

How can I do that? Should i have code on the Page_load event of the login page checking the user role and then redirect him to the correct page? Or is there some otherway to do this?

View 2 Replies

C# - Create Menu Dynamically Based On User's Role?

Apr 18, 2010

How do I create a menu in a ASP.NET MVC2 Master Page, dynamically based on the current user's "role"?

View 3 Replies

Security :: Redirect User Based On Role To Specific Web Page?

Apr 22, 2010

I'm not sure if this is possible or not, I'm using Roles to limit what pages a user can access based on there assigned Role. My question, is there anyway to redirect the user to a specific web page based on thier role after they login.

For example:

If Bob logs in with Role="Automotive", I want him to be redirected to Auto.aspx.If sue logs in with Role="Clothing", i want her to be redirected to cloths.aspx.

View 8 Replies

Filtering Repeater Items Based On User Status / Role?

Dec 9, 2010

I have a tricky requirement where I need to categorise documents attached to a product, available for download, based on the status of the user viewing the product. I.e. my site displays a list of products, clicking on one displays a product details page, and this page includes a list a documents related to the product, such as data sheets, user manuals, etc.

I have been asked to group documents into three classes of availability, v.i.z. those available freely to all users, including anonymous; those available to logged on users; and those available to anonymous users that provide contact information before downloading the document, presumably to boost sales leads.

The anonymous and logged on availabilities are quite easy, but the third seems a bit tricky to me. My first question is, is there a way I can filter documents for only logged on users without hooking into ItemDataBound or something, and my second question is, what is recommended for the case where a user must supply contact information to download a document?

In the second question, it has crossed my mind to actually register the user, but without them having to visit the new user registration page, and then I have role based filtering of documents. Currently the new user registration process automatically adds the Member role to all new users. Users I register 'quietly', just so they can download a document, wont be assigned the Member role, distinguishing them from normally logged on members.

View 1 Replies

Security :: How To Find Out If The Current User Is Elligible To View An URL Based On Role Provider

Aug 17, 2010

I want to execute some logic if the Logged in User can view a page "~/MyPage.aspx". IF the logged in user should be elligible to view the page is determined by the role based security I configured in the web.config file. There are many methods to find out if the user is in role XXX or not. But I did not find any method to find out if the user can view a page or not ahead of transferring the user to that page. Maybe I will hide a link to a specific page to the logged in user if the user is not elligible to view that page if I know the technique i am asking here to know.

View 1 Replies

Security :: Creating A Interface For User Role Management Based On Built In Membership Provider?

Feb 18, 2011

I am creating a interface for User Role Management based on built in membership provider.I want to display all the roles as check boxes for a selected user. I am able to display all the roles in the database, but not able to load the specific user roles. For example, I am able to publish role 1 role 2 role3 role 4 as check boxes. But if the user is already flagged as role 1 and role 3, I am not able to show that data (role1 and 3 should be checked when form loads, but right now, they are not checked)...How do I get the roles as checked boxes display on a page.I am using a repeater control to display roles as check boxes on the page..

<asp:Repeater ID="UsersRoleList" runat="server">
<ItemTemplate>
<asp:CheckBox runat="server" ID="RoleCheckBox" AutoPostBack="true" Text='<%# Container.DataItem %>'

[code]...

View 1 Replies

Web Forms :: Add "role" Parameter / Property To User Control Containing LoginView Control To Set "Role" Possible?

Jan 13, 2010

I am in the process of creating a user control that enables content areas of our web application to be editable. The control utilizes the asp.net membership/role providers and incorporates a LoginView that only displays the edit link if a user has logged in and is a member of the desired role. What I would like to be able to do is pass the "role" as a property of the control so it can be set dynamically and does not have to be hard coded into the control if I use elsewhere in another application.

View 3 Replies

Security :: Limit Dropdown Values According To Use Role?

Feb 24, 2011

i have a dropdown listS bounded to database

i need that the strongest role- lets say admin would be able to get all the lists from the database

while other roles would be able to see/get less values

View 5 Replies

MVC :: Master Page Content Based On Actions?

Jul 2, 2010

Been browsing these pages for a while now and finally decided to say hi!I read about having an "Application controller" as mustinherit class for the actual controller to set content for the master page. But what I would like to do is to set some content to Master based on which actions are called on the controller.

For example..
/Backend/A1
... "Help content nr1 to master page"
/Backend/A3
/Backend/B1
... "Help content nr2 to master page"
/Backend/B10

And so forth. Ofcourse I could do this the "easy" way by just adding some clip on each of the actions. But I was wondering if there is a smarter way to do it. To check on the application controller which action is being called and select the "helpcontent" based on that to the Master.

View 1 Replies

VS 2008 - Restricting Access To Web Pages (on Intranet Site) Based On Role Based Authorization

Jul 12, 2011

I have a simple intranet site. It has a role based authorization in the web.config file.

Any user's in a specific role called as "Apr-Sales-Writers" will be authorized to use those pages. If not, they will not be authorized. So far so good. Works fine. But we added additional functionality where a new active directory group (means new role) has to be added and user's belonging to this new AD group should be given access to only specific .aspx pages on the intranet site. I am using a web.sitemap and it looks like this.

If the user's belong to say AD group "Apr-Sales-Writers", they should access only default.aspx and salesData.aspx pages. User's belonging to new AD group (which I did not include in the web.config file below), should have access to other .aspx pages.

[CODE]<?xml version="1.0" encoding="utf-8" ?>
<siteMap xmlns="http://schemas.microsoft.com/AspNet/SiteMap-File-1.0" >
<siteMapNode url="default.aspx" title="Home" description="Home">
<siteMapNode title="sales Data" description="sales Data">
<siteMapNode url="salesData.aspx" title="sales Data" description="sales Data" />

[Code] ....

View 7 Replies

C# - How To Set User Control Visibility, Upon User Role

Mar 11, 2011

I want to implement access control for usercontrols depending on user role(s), I want to do it on the control base class, in such way that on every user control I only need to set a string with allowed roles to see the user control

This is how an user control class may look like:

public partial class SimpleMenu : MyUsrControlBase
{
protected void Page_Load(object sender, EventArgs e)[code]...

How to set up user control visibility from the base class depending on the validation result?Also which event in the user control is the best to set the roles?

AlloweRoles = "RoleA, RoleB"

View 1 Replies

MVC :: Child Actions Are Not Allowed To Perform Redirect Actions

Jun 29, 2010

I am getting an exception that child actions are not allowed to perform redirect actions. Although I can understand that this might is true in most situations I do believe that the framework might allow this to pass when a Child Action is calling another child action like in this example:

I have this code in my CountryController (I compacted it a bit but the main concept remains that I have a controller with Child Actions only):

[Code]....

This exception is being thrown:

Server Error in '/' Application.

Child actions are not allowed to perform redirect actions. Description:An unhandled exception occurred during the execution of the current web request. Review the stack trace for more information about the error and where it originated in the code.

Exception Details: System.InvalidOperationException: Child actions are not allowed to perform redirect actions.

View 4 Replies

Web Forms :: How To Control Visibility Of Menu Nodes Depending On User Role

Apr 16, 2010

I have a Menu control in MasterPage based on web.sitemap file. My website has roles enabled (AspNetWindowsTokenRoleProvider) and uses Windows authentication mode. So, user has to be in a specific Windows Group to be able to access the site. I need to allow some users to see all menu nodes and some restricted set of nodes. How do I do that?

I would like to be able to create, say following Windows groups:

domain_namemy_app_users
domain_namemy_app_superusers
domain_namemy_app_admins

and code sitemap nodes this way:

<siteMapNode url="~/MOC_Masterdata_MOC_Approvers_Plain.aspx" title="MOC Approvers" description="MOC Approvers" />

View 5 Replies

User Controls :: How To Restrict User To Some Actions

Nov 21, 2013

I have 2 types of users- administrator and students..

now whenever login...

a student can only add their their info, view other students' info and perform some other basic actions, and

an administrator can view the students' info, select & reject them for some particular criteria.

What can I do for these two types of users for control their activities??..

View 1 Replies

Dialogue Between Two User Control Based On User Events?

Jan 3, 2011

In an ASP.NET page I have added two user control with a dropdownlist each one. The selection of a dropdownlist should be changed the query to the second user control.What is the most efficient way to pass the selected value of dropdownlist to the second?I initially thought of creating a public event (public string OnClientSelectedIndexChanged) while the first user control and outsource through a public string SelectedValue the selected value of the second user control:

public string SelectedValue
{
get
{

[code]...

View 2 Replies

Security :: Limit Access Based On Source IP Address Oin IIS?

May 31, 2010

I created a website and i restrired the website such a way that i can be acessed from a IP i configured.I did this as shown in below steps which i got from:

http://support.microsoft.com/kb/324274

Under IP Address and Domain Name Restrictions, click Edit.

Do one of the following:To deny access, click Granted Access, and then click Add. In the Deny Access On dialog box that appears, specify the option that you want, and then click OK.The computer, group of computers, or domain that you specified is added to the list.
To grant access, click Denied Access, and then click Add. In the Grant Access On dialog box that appears, select the option that you want, and then click OK.

The computer, group of computers, or domain that you selected is added to the list. Click OK.

But its not working . I am able to browse from other machine which have a different ohter IP. Do i have to configure somewhere else ?

View 3 Replies







Copyrights 2005-15 www.BigResource.com, All rights reserved