4

I'm writing a custom role provider and I need programmatic access the authorization information stored in the web.config. Certain section of the site are only accessible by certain roles. I would like to find out which roles can access a page and/or which page a certain role can access.

I can't seem to figure this one out.

kareem
  • 753
  • 1
  • 5
  • 10

1 Answers1

9

You can access any information stored such as ConnectionStrings,AppSettings and other defined values in web.config by WebConfigurationManager class in System.Web.Security namespace.

Let's say you have defined and authorization section as:

<system.web>
<authorization>
  <allow roles="admin,moderator" />
  <deny users="?" />
</authorization></system.web>

The section you just created means users who has admin and/or moderator roles can access pages within and deny everyone (anonymous) who attempts to access without login information.

In order to that just call out WebConfigurationManager's GetSection method as

AuthorizationSection auth = WebConfigurationManager.GetSection("system.web/authorization") as AuthorizationSection;

AuthorizationSection class will give you Rules collection which is precisely what you're looking for.

Myra
  • 3,646
  • 3
  • 38
  • 47
  • I don't find any `Rules` collection on the `AuthenticationSection` object... ? – awe Nov 01 '09 at 11:29
  • AuthorizationSection has the Rules collection. I spelled the name of class incorrectly. It's not AuthenticationSection but AuthorizationSection,i edited my post to verify the error you mentioned,thank you for noticing this to me. – Myra Nov 10 '09 at 13:05