Forms Authentication. Get allowed verb for a role specified in web.config

Question

I've specified verbs for roles in web.config. This works fine, the role observer is redirected to login page if the role tries to post in page Test.aspx. Example:

  <location path="Test1.aspx">
    <system.web>
      <authorization>
        <allow roles="Administrator" />
        <allow roles="Observer" verbs="GET" />
        <deny users="*"/>
      </authorization>
    </system.web>
  </location>

  <location path="Test2.aspx">
    <system.web>
      <authorization>
        <allow roles="Administrator" />
        <allow roles="Observer" />
        <deny users="*"/>
      </authorization>
    </system.web>
  </location>

But this is a bit confusing for the user when trying to POST in page Test.aspx. I want to inform the user that he/she is not allowed to post before actually clicking anything. Something like this:

Protected Sub Page_Load(ByVal sender As Object, ByVal e As System.EventArgs) Handles Me.Load
    If *Not User.Role("Observer").Verbs("Post").Allowed* then
       uiSave.enabled = false
    End if
End Sub

So, the question is: Where can I access this information?

score 0 · Answer 1 · edited Jun 20 '20 at 09:12

0

Use:

if(User.IsInRole("Observer")){
 //code here
}

Example here

You wont need to check the Verb because you already know that users in the Observer role do not permission to usethe Post verb

edited Jun 20 '20 at 09:12

Community

1
1

answered Jan 12 '12 at 08:40

robasta

4,621
5
35
53

Ah, but I will have roles who have full access to some pages and only GET access to some. – user1145002 Jan 12 '12 at 09:14
Updated to original question to explain better – user1145002 Jan 12 '12 at 09:29
Mmm, OOB i dont think there is a way. You may have to write your own logic on that one. – robasta Jan 13 '12 at 12:44

Forms Authentication. Get allowed verb for a role specified in web.config

1 Answers1