Wrox Programmer Forums

Need to download code?

View our list of code downloads.

Go Back   Wrox Programmer Forums > ASP.NET and ASP > ASP.NET 3.5 > ASP.NET 3.5 Professionals
Password Reminder
Register
| FAQ | Members List | Calendar | Search | Today's Posts | Mark Forums Read
ASP.NET 3.5 Professionals If you are an experienced ASP.NET programmer, this is the forum for your 3.5 questions. Please also see the Visual Web Developer 2008 forum.
Welcome to the p2p.wrox.com Forums.

You are currently viewing the ASP.NET 3.5 Professionals section of the Wrox Programmer to Programmer discussions. This is a community of tens of thousands of software programmers and website developers including Wrox book authors and readers. As a guest, you can read any forum posting. By joining today you can post your own programming questions, respond to other developers’ questions, and eliminate the ads that are displayed to guests. Registration is fast, simple and absolutely free .
DRM-free e-books 300x50
 
 
Thread Tools Search this Thread Display Modes
  #1 (permalink)  
Old June 4th, 2010, 01:44 PM
Registered User
Points: 37, Level: 1
Points: 37, Level: 1 Points: 37, Level: 1 Points: 37, Level: 1
Activity: 0%
Activity: 0% Activity: 0% Activity: 0%
 
Join Date: Nov 2009
Posts: 9
Thanks: 0
Thanked 0 Times in 0 Posts
Default Role based access for dynamic URL's.

Does anyone know how to apply role based permissions to dynamically generated URL's? (This is for a dynamic data website application.)

For example, I want non admin users to "only" be able to access http://xxx/xxx/Inventory/List.aspx?xxx and http://xxx/xxx/Inventory/Edit.aspx?xxx

but not be able to access http://xxx/xxx/Model/List.aspx?xxx or
http://xxx/xxx/Model/Edit.aspx?xxx or
http://xxx/xxx/History/List.aspx?xxx, etc.

Inventory, Model, and History are table names. The URL's are auto generated via "routes.Add(New DynamicDataRoute("{table}/{action}.aspx")" in the global.asax file.

I can hide all the hyperlinks to the URL's I want blocked, and I can prevent "all" non-admin access to Details.aspx, Insert.aspx , etc., but I cannot figure out how to prevent access to specific dynamically generated URL's such as the ones above.

Thanks,

Jeff
  #2 (permalink)  
Old June 6th, 2010, 11:01 PM
Registered User
Points: 37, Level: 1
Points: 37, Level: 1 Points: 37, Level: 1 Points: 37, Level: 1
Activity: 0%
Activity: 0% Activity: 0% Activity: 0%
 
Join Date: Nov 2009
Posts: 9
Thanks: 0
Thanked 0 Times in 0 Posts
Default Solved!!!

I'm not sure if this is the best way to do it but I figured out a solution... don't register the control if the logged in user is not an admin, and the URL doesn't match the specified URL in which they are allowed access. If a non admin user tries to enter a restricted URL they get redirected back to the main unrestricted page.


Protected Sub Page_Init(ByVal sender As Object, ByVal e As EventArgs)

If Roles.IsUserInRole("Administrator") OrElse _
InStr(Request.Url.ToString(), "Inventory/List.aspx") Then
DynamicDataManager1.RegisterControl(GridView1, True)
Else
Response.Redirect("~/Inventory/List.aspx")
End If
End Sub


Jeff
 


Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off
Trackbacks are Off
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Role based security tsimsha ASP.NET 2.0 Basics 4 May 6th, 2008 11:41 AM
Code Access Security & Role Based Security robzyc C# 6 April 11th, 2008 02:31 AM
problem with role based authorization hotshot_21 ASP.NET 1.0 and 1.1 Basics 0 February 21st, 2006 08:12 AM
Role based securty Warbird General .NET 2 August 17th, 2004 12:50 PM



All times are GMT -4. The time now is 09:20 AM.


Powered by vBulletin®
Copyright ©2000 - 2019, Jelsoft Enterprises Ltd.
© 2013 John Wiley & Sons, Inc.