Wrox Programmer Forums
Go Back   Wrox Programmer Forums > ASP.NET and ASP > ASP.NET 3.5 > ASP.NET 3.5 Professionals
| Search | Today's Posts | Mark Forums Read
ASP.NET 3.5 Professionals If you are an experienced ASP.NET programmer, this is the forum for your 3.5 questions. Please also see the Visual Web Developer 2008 forum.
Welcome to the p2p.wrox.com Forums.

You are currently viewing the ASP.NET 3.5 Professionals section of the Wrox Programmer to Programmer discussions. This is a community of software programmers and website developers including Wrox book authors and readers. New member registration was closed in 2019. New posts were shut off and the site was archived into this static format as of October 1, 2020. If you require technical support for a Wrox book please contact http://hub.wiley.com
 
Old June 4th, 2010, 01:44 PM
Registered User
Points: 37, Level: 1
Points: 37, Level: 1 Points: 37, Level: 1 Points: 37, Level: 1
Activity: 0%
Activity: 0% Activity: 0% Activity: 0%
 
Join Date: Nov 2009
Posts: 9
Thanks: 0
Thanked 0 Times in 0 Posts
Default Role based access for dynamic URL's.

Does anyone know how to apply role based permissions to dynamically generated URL's? (This is for a dynamic data website application.)

For example, I want non admin users to "only" be able to access http://xxx/xxx/Inventory/List.aspx?xxx and http://xxx/xxx/Inventory/Edit.aspx?xxx

but not be able to access http://xxx/xxx/Model/List.aspx?xxx or
http://xxx/xxx/Model/Edit.aspx?xxx or
http://xxx/xxx/History/List.aspx?xxx, etc.

Inventory, Model, and History are table names. The URL's are auto generated via "routes.Add(New DynamicDataRoute("{table}/{action}.aspx")" in the global.asax file.

I can hide all the hyperlinks to the URL's I want blocked, and I can prevent "all" non-admin access to Details.aspx, Insert.aspx , etc., but I cannot figure out how to prevent access to specific dynamically generated URL's such as the ones above.

Thanks,

Jeff
 
Old June 6th, 2010, 11:01 PM
Registered User
Points: 37, Level: 1
Points: 37, Level: 1 Points: 37, Level: 1 Points: 37, Level: 1
Activity: 0%
Activity: 0% Activity: 0% Activity: 0%
 
Join Date: Nov 2009
Posts: 9
Thanks: 0
Thanked 0 Times in 0 Posts
Default Solved!!!

I'm not sure if this is the best way to do it but I figured out a solution... don't register the control if the logged in user is not an admin, and the URL doesn't match the specified URL in which they are allowed access. If a non admin user tries to enter a restricted URL they get redirected back to the main unrestricted page.


Protected Sub Page_Init(ByVal sender As Object, ByVal e As EventArgs)

If Roles.IsUserInRole("Administrator") OrElse _
InStr(Request.Url.ToString(), "Inventory/List.aspx") Then
DynamicDataManager1.RegisterControl(GridView1, True)
Else
Response.Redirect("~/Inventory/List.aspx")
End If
End Sub


Jeff




Similar Threads
Thread Thread Starter Forum Replies Last Post
Role based security tsimsha ASP.NET 2.0 Basics 4 May 6th, 2008 11:41 AM
Code Access Security & Role Based Security robzyc C# 6 April 11th, 2008 02:31 AM
problem with role based authorization hotshot_21 ASP.NET 1.0 and 1.1 Basics 0 February 21st, 2006 08:12 AM
Role based securty Warbird General .NET 2 August 17th, 2004 12:50 PM





Powered by vBulletin®
Copyright ©2000 - 2020, Jelsoft Enterprises Ltd.
Copyright (c) 2020 John Wiley & Sons, Inc.