What is the best way to handle role-based permissions using forms authentication in my ASP.NET web application?

I am using ASP.NET Login Controls and Form Authentication for Membership / Credentials for an ASP.NET Web Application.

I have two roles:

  • Users
  • Administrators

I want the pages to be viewable by four different groups:

  • All (default, Help)
  • Anonymous (CreateUser, Login, PasswordRecovery)
  • Users (ChangePassword, DataEntry)
  • Administrators (report)

Having deployed an example in ASP.NET HOW TO MAKE A VIDEO: Membership and Roles, I placed these files in the following folders:

Visual Studio Solution Explorer

- ASP.NET .

, , Login.aspx ReturnUrl Login.aspx.

? , , ?

+3
3

.

  • web.config. , . , web.config . , , , .
  • (.. EveryonePage, UserPage, AdminPage ..) Page_Load.
+1

, , :

  • "SecurePage" - .
  • "AllowedUserRoles" , . , int .
  • Page_Load , SecurePage, AllowedUserroles.
  • OnLoad() , , AllowedUserRoles.

web.config .

+1

On the main page, I define a public property that toggles the security check; the default is true. I also declare a string, which is a list of sections required for this page.

In the loading page of my main page, I do the following:

if (_secure)
{
  if (Request.IsAuthenticated)
  {
    if (_role.Length > 0)
    {
      if (PortalSecurity.IsInRoles(_role))
      {
        return;
      }
      else
      {
        accessDenied = true;
      }
    }
    else
    {
      return;
    }
  }
}

//do whatever you wanna do to people who don't have access.. bump to a login page or whatever

Also, you will need to put

at the top of your pages so you can access the advanced properties of the main page

+1
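
The four access groups from the question, expressed as URL authorization rules in a root web.config. This is an added example, not code from the original thread; the folder names Anonymous/, Users/ and Administrators/ are assumptions, because the folder layout is not preserved on this page.

```xml
<?xml version="1.0"?>
<!-- Added example. Folder names are assumed; page names come from the question. -->
<configuration>
  <system.web>
    <authentication mode="Forms">
      <!-- A denied request is redirected here with a ReturnUrl query string. -->
      <forms loginUrl="~/Anonymous/Login.aspx" defaultUrl="~/Default.aspx" />
    </authentication>
    <roleManager enabled="true" />
    <!-- Site root (default, Help): viewable by all. -->
    <authorization>
      <allow users="*" />
    </authorization>
  </system.web>

  <!-- Rules are evaluated top to bottom and the first match wins,
       so each <allow> must come before the catch-all <deny users="*">. -->

  <!-- CreateUser, Login, PasswordRecovery: "?" matches unauthenticated requests only. -->
  <location path="Anonymous">
    <system.web>
      <authorization>
        <allow users="?" />
        <deny users="*" />
      </authorization>
    </system.web>
  </location>

  <!-- ChangePassword, DataEntry: members of the Users role. -->
  <location path="Users">
    <system.web>
      <authorization>
        <allow roles="Users" />
        <deny users="*" />
      </authorization>
    </system.web>
  </location>

  <!-- Report: members of the Administrators role. -->
  <location path="Administrators">
    <system.web>
      <authorization>
        <allow roles="Administrators" />
        <deny users="*" />
      </authorization>
    </system.web>
  </location>
</configuration>
```

With these rules an authenticated user who lacks the required role is also sent to the login page, so a code-level role check such as the one in the answer above is still the place to show an "access denied" message instead.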

Source: https://habr.com/ru/post/1696576/

