By using this site, you agree to our updated Privacy Policy and our Terms of Use. Manage your Cookies Settings.
424,969 Members | 1,564 Online
Bytes IT Community
+ Ask a Question
Need help? Post your question and get tips & solutions from a community of 424,969 IT Pros & Developers. It's quick & easy.

How to determine authorized roles for a page?

P: n/a
I've been combing through Google trying to find the answer but not luck.

I'm using Forms authentication. Determining what Roles the current user is
in was the easy part (User.IsInRole). But how does one determine what Roles
are permitted to use a particular ASPX page? (.NET 2.0, VS05)
May 31 '07 #1
Share this Question
Share on Google+
7 Replies


P: n/a
On May 31, 9:03 am, "MyndPhlyp" <nob...@homeright.nowwrote:
I've been combing through Google trying to find the answer but not luck.

I'm using Forms authentication. Determining what Roles the current user is
in was the easy part (User.IsInRole). But how does one determine what Roles
are permitted to use a particular ASPX page? (.NET 2.0, VS05)
I've asked the same question some time ago
http://groups.google.com/group/micro...6bd15d86528b2/

May 31 '07 #2

P: n/a

"Alexey Smirnov" <al************@gmail.comwrote in message
news:11**********************@q69g2000hsb.googlegr oups.com...
On May 31, 9:03 am, "MyndPhlyp" <nob...@homeright.nowwrote:
I've been combing through Google trying to find the answer but not luck.

I'm using Forms authentication. Determining what Roles the current user
is
in was the easy part (User.IsInRole). But how does one determine what
Roles
are permitted to use a particular ASPX page? (.NET 2.0, VS05)

I've asked the same question some time ago
http://groups.google.com/group/micro...6bd15d86528b2/
>
We appear to be on a parallel path. (thanks for the corrective posting in
the other NG.) I noticed WebConfigurationManager before prowling through
Google and the NGs. I too am understandably resistant to that approach.
Seems as though the desired method should be available. After all, what
method does .NET call to determine a user's ability, or lack thereof, to
access a page?
May 31 '07 #3

P: n/a
SAL
As Alexey was implying in the post in the link that was included, parsing
the web.sitemap might be a way to do that. If you include the roles tag for
you pages, you can determine the roles that are allowed for a giving page.
It's a pain but it's a way to do it. You can use the HTTPConext to get at
the current user.

HTH
S

"MyndPhlyp" <no****@homeright.nowwrote in message
news:%2****************@TK2MSFTNGP03.phx.gbl...
>
"Alexey Smirnov" <al************@gmail.comwrote in message
news:11**********************@q69g2000hsb.googlegr oups.com...
>On May 31, 9:03 am, "MyndPhlyp" <nob...@homeright.nowwrote:
I've been combing through Google trying to find the answer but not
luck.

I'm using Forms authentication. Determining what Roles the current user
is
in was the easy part (User.IsInRole). But how does one determine what
Roles
are permitted to use a particular ASPX page? (.NET 2.0, VS05)

I've asked the same question some time ago
http://groups.google.com/group/micro...6bd15d86528b2/
>>

We appear to be on a parallel path. (thanks for the corrective posting in
the other NG.) I noticed WebConfigurationManager before prowling through
Google and the NGs. I too am understandably resistant to that approach.
Seems as though the desired method should be available. After all, what
method does .NET call to determine a user's ability, or lack thereof, to
access a page?


May 31 '07 #4

P: n/a
On May 31, 10:33 pm, "SAL" <S...@NoNo.comwrote:
As Alexey was implying in the post in the link that was included, parsing
the web.sitemap might be a way to do that. If you include the roles tag for
you pages, you can determine the roles that are allowed for a giving page.
It's a pain but it's a way to do it. You can use the HTTPConext to get at
the current user.
using System.Web.Configuration;

Configuration config =
WebConfigurationManager.OpenWebConfiguration(url);
AuthorizationSection configSection =
(AuthorizationSection)config.GetSection("system.we b/authorization");
AuthorizationRuleCollection rules = configSection.Rules;

CommaDelimitedStringCollection allowed = new
CommaDelimitedStringCollection();
CommaDelimitedStringCollection denied = new
CommaDelimitedStringCollection();

for (int i = 0; i < rules.Count; i++)
{
if (rules[i].Roles.Count 0)
{
if (rules[i].Action.ToString() == "Allow")
allowed.AddRange(rules[i].Roles.ToString().Split(','));
else if (rules[i].Action.ToString() == "Deny")
denied.AddRange(rules[i].Roles.ToString().Split(','));
}
}

Response.Write("Allowed Roles: " + allowed.ToString());
Response.Write("<br />");
Response.Write("Denied Roles: " + denied.ToString());

Note, the url value can be a path to a directory, like "/admin", or a
path to the file, like "/admin/default.aspx". To find if roleName
"IsInRoles", simply use the Contains() method, e.g.
allowed.Contains("roleName").

Enjoy.

May 31 '07 #5

P: n/a
SAL
Nice.

S

"Alexey Smirnov" <al************@gmail.comwrote in message
news:11**********************@u30g2000hsc.googlegr oups.com...
On May 31, 10:33 pm, "SAL" <S...@NoNo.comwrote:
>As Alexey was implying in the post in the link that was included, parsing
the web.sitemap might be a way to do that. If you include the roles tag
for
you pages, you can determine the roles that are allowed for a giving
page.
It's a pain but it's a way to do it. You can use the HTTPConext to get at
the current user.

using System.Web.Configuration;

Configuration config =
WebConfigurationManager.OpenWebConfiguration(url);
AuthorizationSection configSection =
(AuthorizationSection)config.GetSection("system.we b/authorization");
AuthorizationRuleCollection rules = configSection.Rules;

CommaDelimitedStringCollection allowed = new
CommaDelimitedStringCollection();
CommaDelimitedStringCollection denied = new
CommaDelimitedStringCollection();

for (int i = 0; i < rules.Count; i++)
{
if (rules[i].Roles.Count 0)
{
if (rules[i].Action.ToString() == "Allow")
allowed.AddRange(rules[i].Roles.ToString().Split(','));
else if (rules[i].Action.ToString() == "Deny")
denied.AddRange(rules[i].Roles.ToString().Split(','));
}
}

Response.Write("Allowed Roles: " + allowed.ToString());
Response.Write("<br />");
Response.Write("Denied Roles: " + denied.ToString());

Note, the url value can be a path to a directory, like "/admin", or a
path to the file, like "/admin/default.aspx". To find if roleName
"IsInRoles", simply use the Contains() method, e.g.
allowed.Contains("roleName").

Enjoy.

Jun 1 '07 #6

P: n/a

"Alexey Smirnov" <al************@gmail.comwrote in message
news:11**********************@u30g2000hsc.googlegr oups.com...
>
using System.Web.Configuration;

Configuration config =
WebConfigurationManager.OpenWebConfiguration(url);
AuthorizationSection configSection =
(AuthorizationSection)config.GetSection("system.we b/authorization");
AuthorizationRuleCollection rules = configSection.Rules;

CommaDelimitedStringCollection allowed = new
CommaDelimitedStringCollection();
CommaDelimitedStringCollection denied = new
CommaDelimitedStringCollection();

for (int i = 0; i < rules.Count; i++)
{
if (rules[i].Roles.Count 0)
{
if (rules[i].Action.ToString() == "Allow")
allowed.AddRange(rules[i].Roles.ToString().Split(','));
else if (rules[i].Action.ToString() == "Deny")
denied.AddRange(rules[i].Roles.ToString().Split(','));
}
}

Response.Write("Allowed Roles: " + allowed.ToString());
Response.Write("<br />");
Response.Write("Denied Roles: " + denied.ToString());

Note, the url value can be a path to a directory, like "/admin", or a
path to the file, like "/admin/default.aspx". To find if roleName
"IsInRoles", simply use the Contains() method, e.g.
allowed.Contains("roleName").
Thanks. Maybe some day, roughly around the same time pigs fly and hell
freezes over, M$ will get around to exposing the method and save us the
trouble (and overhead) of parsing out the web.config.

Who would ever have thought anybody would want to send an authenticated user
back to their previous page, rather than a "not allowed" or login page, if
the user is unauthorized to use the requested page?
Jun 2 '07 #7

P: n/a
On Jun 2, 10:10 pm, "MyndPhlyp" <nob...@homeright.nowwrote:
Who would ever have thought anybody would want to send an authenticated user
back to their previous page, rather than a "not allowed" or login page, if
the user is unauthorized to use the requested page?- Hide quoted text -
It has to be checked on the page

if (!User.IsInRole("Manager") {
Response.Redirect("/");
}

Jun 4 '07 #8

This discussion thread is closed

Replies have been disabled for this discussion.