I am using this book to learn ASP.net. I need to some help for letting the three different roles of users to view different the content of the Articles.

I understand that I can put "allow and deny" on pages/folders in web.config to allow/deny the users' access. However, I am talking about the dynamic content of Articles. That is impossible to set the different pages for the different user...

Please help and give me some advice where I should start to make it happen.

jophie

__________________
jophie

Hi Jophie.

This should not be too difficult to implement. You would need to add an additional field to your article table to store the role(s) that you wish to view / edit the article. You will then need to update your existing stored procedures and classes to include this additional field.
You would then restrict access to the articles in a similar way to how non-authenticated users cannot view Articles that have the "Members Only" field set to True.

Instead of using Page.User.Identity.IsAuthenticated you could use the Me.Page.User.IsInRole method in a similar way to how the articles listing checks whether the current user can edit the article:
            Me.UserCanEdit = (Me.Page.User.Identity.IsAuthenticated.ToString AndAlso _
                (Me.Page.User.IsInRole("Administrators") Or _
                Me.Page.User.IsInRole("Editors")))

Hope this helps.

(by the way the code above is vb.net but should not differ too much to the c# in the book)

Hi Retroviz,

Thank you for your tips.

I need more help tho. For example, the manager -- administrators should read all the articles, but the supervisor -- editors may read 3/4 of total articles and then the employee -- viewers only can read 1/2 of total articles. Then how can I assign one particlar article to let manager view but not editor and viewer???

jophie

Jophie,

You may need to clarify - I am presuming when you say "viewers only can read 1/2 of total articles" you do not actually mean a they always view 50% of articles present?

If you mean what I think you mean - you wish to be able to restrict access to certain articles based on the users role (user, editor, admin etc.)

If you have the book then it does contain all of the logic required to implement such a security model.

Note this is just one way of doing it:

Look at your current articles table. You have a field named OnlyForMembers. This allows you to restrict access to an article to only logged in (registered users).

If you look at the Page_Load event of ShowArticle.aspx (note mine is in vb.net):






you can see that if the OnlyForMembers value is checked and if the user is not authenticated, they are redirected to the log in page.

You could extend this further by adding additional fields to your articles table for each role (only really a good idea if you know that you will have a fixed number of roles (i.e. user, editor, admin etc.). Of course this does that you are denormalising your table to some extent but if using the same boolean (checkbox) datatype for these fields, the implications should not be so serious.

So lets imagine you have created an article that can be viewed by Admin (ShowAdmin=True), Editors (ShowEditor=True) but not by normal users (ShowUser=False).

As long as you make the necessary changes to the methods and properties of the articles classes you could do a similar check to the article above although this time instead of checking if a user is logged in, you check if they are logged in and their role. So if Joe Bloggs logs in and he is a member of the users group, your logic will see that ShowAdmin = True (is user a member of the Admin role - NO), ShowEditor = True (is user in the Editor role - NO), ShowUser = False (is user in the Users role - YES)

So essentially if you do not get a match (like in this case): Me.RequestLogin()

I hope that gives you enough information. One of the best things about the book is to learn how to develop a fully featured application properly. If something similar already exists in the application you should be able to copy/adapt accordingly.

Hi All,

I added two more fields in the tbh_Article and made some changes in the store procedure for the (showAdmin) and (showEditor). Basically, I added these two fields information at anywhere (OnlyForMembers) existed.

After I added and changed, then ran. There were an error pop out. Error: Exception Details: system.InvalidCastException: specified cast is not valid.

Source Error:
Line 106: protected virtual ArticleDetails GetArticleFormReader (IDataReader reader, bool readBody)
ArticleDetails article = new ArticleDetails (
(int)reader["ArticleID"}
(DateTime)reader {"AddedDate"],
-----
HOWEVER, I added (bool)reader["OnlyForMembers"],
            (bool)reader["ShowEditor"],
            (bool)reader["ShowAdmin"],

-----
There was also an error about gvwArticle.Databind();

Do you or anyone have an idea what is wrong? Did anyone add a field? Please keep me some tips to look for?

J

jophie

Suggest you check your New() constructors for your articles class and make sure you have added the additional fields or that you are not missing them from any of your methods such as the one being used with gvwArticles. Best thing is to step through your code to ensure you have all the bases covered.

I triple checked already. I didn't miss.

HELP!!! Anyone added one more field to the site ?!?!

jophie

jophie,

i'm coming in late on this one but here's aquick checklist of the places where any new 'properties' should be added (using tbh_articles as an example):

1. DAL\ArticleDetails.cs
2. DAL\SQLClient\SQLArticlesProvider.cs
3. BLL\Articles\Article.cs

obviously, any code behind should refer to the new properties as well. hopefully, this should at least bring up a checklist for you to follow thro'

jimi

http://www.originaltalent.com

Never mind. The code is fine. The problem was in the DB. I changed something but I forgot it could make the errors.

Thanks.

jophie

Thanks Jimi,
I didn't see your post before I posted my last message. I checked all my modified code (code-behind) three or four times. BUT the error kept showing up. Then I attached the another DB and it works fine now.

May still have some question for ShowAdmin and ShowEditor logic! Please help and thank you in advance.

j

jophie