By using this site, you agree to our updated Privacy Policy and our Terms of Use. Manage your Cookies Settings.
425,529 Members | 1,826 Online
Bytes IT Community
+ Ask a Question
Need help? Post your question and get tips & solutions from a community of 425,529 IT Pros & Developers. It's quick & easy.

ARCHITECTURE : Enabling and disabling functionality in ASP.NET based on roles.

P: n/a
VSK
Hi all,

In our ASP.NET web application we have to enable or disable features in each
ASP.NET page based on role assigned to user.

Ex: if user who logs in is superisor then he can change phonenumber in
page1.aspx
if user who logs in is finaceofficial then he can just view the phone
number in page1.aspx

Thus Each page has elements whose functionality is enabled or disabled based
on roles.

Iam trying to do this checks in a Single class for all page and am not sure
whether it efficient.
My idea is to put code which checks the roles and enables and disabes server
controls in one class for easier maintenence.Not sure as to whether there is
any other alternative.

PS: am passing the entire Page object to the class :
objPageController.DeterminePageElements(this,"webf orm1");

Ex
a.aspx.cs
----------
private void Page_Load(object sender, System.EventArgs e)
{
PageController objPageController = new PageController();
objPageController.DeterminePageElements(this,"webf orm1");
}

PageController.cs
-----------------
public void DeterminePageElements(System.Web.UI.Page objPage,string
strPageName)
{
switch(strPageName){
case "webform1" :
//find the controls which are to be enabled or
//disabled from page collection.
//check for the role and credentials
//dummy code will be something like below
TextBox tb = objPage.FindControl("TextBox1");
if(security related checks)
{
tb1.Enabled = true;
}
else
{
}
case "" :
case "" :
....
}
}

Please let me know whether am doing anything wrong.

TIA for your patience
VSK


Nov 17 '05 #1
Share this Question
Share on Google+
3 Replies


P: n/a
"VSK" <vs*****@hotmail.com> wrote in message
news:Ol*************@TK2MSFTNGP12.phx.gbl...
Hi all,

In our ASP.NET web application we have to enable or disable features in each ASP.NET page based on role assigned to user.

Ex: if user who logs in is superisor then he can change phonenumber in
page1.aspx
if user who logs in is finaceofficial then he can just view the phone
number in page1.aspx

Thus Each page has elements whose functionality is enabled or disabled based on roles.

Iam trying to do this checks in a Single class for all page and am not sure whether it efficient.
My idea is to put code which checks the roles and enables and disabes server controls in one class for easier maintenence.Not sure as to whether there is any other alternative.

PS: am passing the entire Page object to the class :
objPageController.DeterminePageElements(this,"webf orm1");

Ex
a.aspx.cs
----------
private void Page_Load(object sender, System.EventArgs e)
{
PageController objPageController = new PageController();
objPageController.DeterminePageElements(this,"webf orm1");
}

PageController.cs
-----------------
public void DeterminePageElements(System.Web.UI.Page objPage,string
strPageName)
{
switch(strPageName){
case "webform1" :
//find the controls which are to be enabled or
//disabled from page collection.
//check for the role and credentials
//dummy code will be something like below
TextBox tb = objPage.FindControl("TextBox1");
if(security related checks)
{
tb1.Enabled = true;
}
else
{
}
case "" :
case "" :
....
}
}

Please let me know whether am doing anything wrong.


Why in the world would you want one class to be aware of all of your pages?

You can easily enable or disable a control by setting its Enabled property
based on IsInRole:

txtPhoneNumber.Enabled = Page.User.IsInRole("Supervisor")

--
John
Nov 17 '05 #2

P: n/a
VSK
this is the design in this company according to which when user logs in a
user object is created with uname,logintime, multiple roles(not single
role).

For each role we will get pagesection credentials.
Pagesectioncredentials table
----------------------------
pagesectioncredentailsid pageid sectionid roleid isenabled
1 1 1 1
0/1
where sectionid represents functionality in page.

So we have to get the roles and then pagesectioncredentails for each of them
and then enable or disable based on "isenabled" field.
There is no scope for changing DB design at this point of time....

i have worked with a user with single role in prev projects.this is new to
me.. :)

thanks for the suggestion

VSK

"John Saunders" <john.saunders at surfcontrol.com> wrote in message
news:Oh**************@tk2msftngp13.phx.gbl...
"VSK" <vs*****@hotmail.com> wrote in message
news:Ol*************@TK2MSFTNGP12.phx.gbl...
Hi all,

In our ASP.NET web application we have to enable or disable features in each
ASP.NET page based on role assigned to user.

Ex: if user who logs in is superisor then he can change phonenumber in
page1.aspx
if user who logs in is finaceofficial then he can just view the phone
number in page1.aspx

Thus Each page has elements whose functionality is enabled or disabled

based
on roles.

Iam trying to do this checks in a Single class for all page and am not

sure
whether it efficient.
My idea is to put code which checks the roles and enables and disabes

server
controls in one class for easier maintenence.Not sure as to whether

there is
any other alternative.

PS: am passing the entire Page object to the class :
objPageController.DeterminePageElements(this,"webf orm1");

Ex
a.aspx.cs
----------
private void Page_Load(object sender, System.EventArgs e)
{
PageController objPageController = new PageController();
objPageController.DeterminePageElements(this,"webf orm1");
}

PageController.cs
-----------------
public void DeterminePageElements(System.Web.UI.Page objPage,string
strPageName)
{
switch(strPageName){
case "webform1" :
//find the controls which are to be enabled or
//disabled from page collection.
//check for the role and credentials
//dummy code will be something like below
TextBox tb = objPage.FindControl("TextBox1");
if(security related checks)
{
tb1.Enabled = true;
}
else
{
}
case "" :
case "" :
....
}
}

Please let me know whether am doing anything wrong.
Why in the world would you want one class to be aware of all of your

pages?
You can easily enable or disable a control by setting its Enabled property
based on IsInRole:

txtPhoneNumber.Enabled = Page.User.IsInRole("Supervisor")

--
John

Nov 17 '05 #3

P: n/a
I said nothing about single roles. A user can be in multiple roles, and
IsInRole can be used to test for each one.

--
John

"VSK" <vs*****@hotmail.com> wrote in message
news:#p**************@TK2MSFTNGP11.phx.gbl...
this is the design in this company according to which when user logs in a
user object is created with uname,logintime, multiple roles(not single
role).

For each role we will get pagesection credentials.
Pagesectioncredentials table
----------------------------
pagesectioncredentailsid pageid sectionid roleid isenabled
1 1 1 1
0/1
where sectionid represents functionality in page.

So we have to get the roles and then pagesectioncredentails for each of them and then enable or disable based on "isenabled" field.
There is no scope for changing DB design at this point of time....

i have worked with a user with single role in prev projects.this is new to
me.. :)

thanks for the suggestion

VSK

"John Saunders" <john.saunders at surfcontrol.com> wrote in message
news:Oh**************@tk2msftngp13.phx.gbl...
"VSK" <vs*****@hotmail.com> wrote in message
news:Ol*************@TK2MSFTNGP12.phx.gbl...
Hi all,

In our ASP.NET web application we have to enable or disable features in
each
ASP.NET page based on role assigned to user.

Ex: if user who logs in is superisor then he can change phonenumber
in page1.aspx
if user who logs in is finaceofficial then he can just view the phone number in page1.aspx

Thus Each page has elements whose functionality is enabled or disabled

based
on roles.

Iam trying to do this checks in a Single class for all page and am not

sure
whether it efficient.
My idea is to put code which checks the roles and enables and disabes

server
controls in one class for easier maintenence.Not sure as to whether

there
is
any other alternative.

PS: am passing the entire Page object to the class :
objPageController.DeterminePageElements(this,"webf orm1");

Ex
a.aspx.cs
----------
private void Page_Load(object sender, System.EventArgs e)
{
PageController objPageController = new PageController();
objPageController.DeterminePageElements(this,"webf orm1");
}

PageController.cs
-----------------
public void DeterminePageElements(System.Web.UI.Page objPage,string
strPageName)
{
switch(strPageName){
case "webform1" :
//find the controls which are to be enabled or
//disabled from page collection.
//check for the role and credentials
//dummy code will be something like below
TextBox tb = objPage.FindControl("TextBox1");
if(security related checks)
{
tb1.Enabled = true;
}
else
{
}
case "" :
case "" :
....
}
}

Please let me know whether am doing anything wrong.


Why in the world would you want one class to be aware of all of your

pages?

You can easily enable or disable a control by setting its Enabled

property based on IsInRole:

txtPhoneNumber.Enabled = Page.User.IsInRole("Supervisor")

--
John


Nov 17 '05 #4

This discussion thread is closed

Replies have been disabled for this discussion.