1

I am managing different roles pages in different folders in my application rote. Admin folder has all pages of admin. User has all pages of loged in user.

Please advice what way I should adopt to check that user is valid and have correct permissions ?

I was thinking I should user sessioon variables, as a user logs in I keep its Id and user type in session. Can there be some more elegent and less coding required way ?

The page where user signs in is a detail page with almost 25 fields and it has ajax validations, and othe client and server side validations.

I dont know much about membership providers by asp.net and never used these , Kindly if you advice something reffer me some link or keyword to look further.

Thanks

user576510
  • 5,777
  • 20
  • 81
  • 144

2 Answers2

2

You can manage such configuration easily in the web.config. Simply add in a configuration section of web.config.

<location path="Admin">
  <system.web>
    <authorization>
        <deny users="?"/>               
        <allow roles="Administrator"/>
    </authorization>
  </system.web>
</location>

<deny users="?"/> mean's unauthenticated user will not be able to access the Admin Folder

An example with another Folder, you want to allow, that has Manager Role:

<location path="ManagerFolder">
  <system.web>
    <authorization>
        <deny users="?"/>               
        <allow roles="Manager"/>
    </authorization>
  </system.web>
</location>
Off The Gold
  • 1,228
  • 15
  • 28
Muhammad Akhtar
  • 51,913
  • 37
  • 138
  • 191
  • Akhtar thanks, Please guide how to do it in custom code snario. For registration I am using custom code, can I use with my custom code that save a user in db table ? I have roles column in my db with values but after these configurations how I will manage ? Should I keep my user type in session variable ? How I can use you guidance with my snario. thanks – user576510 Jul 04 '11 at 05:22
  • You can use like to check the uesr, if lies in particular role. if (HttpContext.Current.User.IsInRole("RoleName")) – Muhammad Akhtar Jul 04 '11 at 05:50
  • @Mhuammad Akhtar, but will I need to put user type in session ? – user576510 Jul 04 '11 at 06:56
  • I am sorry I am not getting what benefit it will bring then doing it by custom code ? – user576510 Jul 04 '11 at 06:57
0

Here are some links

Implementing Role-Based Security with ASP.NET

Implementing Role-Based Security with ASP.NET, Part 2

Role-based Security with Forms Authentication

Hope these will help you get started

Eranga
  • 32,181
  • 5
  • 97
  • 96