In my codebehind class, how do I retrieve the authorized roles?

Question

I have the following in my web.config:

<location path="RestrictedPage.aspx">
    <system.web>
     <authorization>
      <allow roles="Group1Admin, Group3Admin, Group7Admin"/>
      <deny users="*"/>
     </authorization>
    </system.web>
</location>

Within RestrictedPage.aspx.cs, how do I retrieve the allowed roles collection that contains Group1Admin, Group3Admin, and Group7Admin?

Here's why I ask:

The web.config is handling the authorization to the page. That works fine. But I'm going to have a couple of these pages (say RestrictedPage.aspx, RestrictedPage2.aspx, RestrictedPage3.aspx). Each of these pages is going to have my custom webcontrol on it. And each of these pages will have different allowed roles. My webcontrol has a dropdown list. The choices within the dropdown depend on the intersection of the user's roles and the page's allowed roles.

As mentioned below, searching the web.config with XPath would probably work. I was just hoping for something more framework-y. Kind of like SiteMap. When I put roles in my web.sitemap, I can grab them using SiteMap.CurrentNode.Roles (my website is using Windows authentication, so I can't use web.sitemap for security trimming and I'd rather maintain roles in only one file).

Answer 1

if {User.IsInRole("Group1Admin"){//do stuff}

Is that what your asking?

Answer 2

I'm not sure for certain, but I would have thought that this is checked before your page is even processed, so if a user is not in a role they would never reach your page. Which ultimately would make the visibility of this redundant in the page.

Answer 3

Hey there,

I'm convinced that there is a better way to read this information, but here is a way that you can read the allow values from a web.config file.

XmlDocument webConfigReader = new XmlDocument(); 
webConfigReader.Load(Server.MapPath("web.config")); 

XmlNodeList root = webConfigReader.SelectNodes("//location[@path="RestrictedPage.aspx"]//allow//@roles"); 

foreach (XmlNode node in root) 
{ 
     Response.Write(node.Value); 
}

Of course, the ASP.NET role provider will handle this for you, so reading these values is only really relevant if you plan to do something with them in the code-behind beside authorizing users, which you may be doing.

Hope this helps--you may have to split your result using the , character.

Answer 4

What typically happens is this...

When the user hits your page, if authentication/authorization is active, the Application_Authentication event is raised. Unless you are using Windows Authentication against something like Active Directory, the IPrincipal and Identity objects will not be available to you, so you can't access the User.IsInRole() method. However, you CAN do this by adding the following code into your Global.asax file:

Sub Application_AuthenticateRequest(ByVal sender As Object, ByVal e As EventArgs)

      Dim formsAuthTicket As FormsAuthenticationTicket
      Dim httpCook As HttpCookie
      Dim objGenericIdentity As GenericIdentity
      Dim objMyAppPrincipal As CustomPrincipal
      Dim strRoles As String()

      Log.Info("Starting Application AuthenticateRequest Method...")

      httpCook = Context.Request.Cookies.Get("authCookieEAF")
      formsAuthTicket = FormsAuthentication.Decrypt(httpCook.Value)
      objGenericIdentity = New GenericIdentity(formsAuthTicket.Name)
      strRoles = formsAuthTicket.UserData.Split("|"c)
      objMyAppPrincipal = New CustomPrincipal(objGenericIdentity, strRoles)
      HttpContext.Current.User = objMyAppPrincipal

      Log.Info("Application AuthenticateRequest Method Complete.")

End Sub

This will put a cookie into the browser session with the proper user and role credentials you can access in the web app.

Ideally, your user is only going to be in one role in an application, so I believe that is why you have the role check method available to you. It would be easy enough to write a helper method for you that would iterate through the list of roles in the application and test to see what role they are in.

Answer 5

// set the configuration path to your config file
string configPath = "??";

Configuration config = WebConfigurationManager.OpenWebConfiguration(configPath);

// Get the object related to the <identity> section.
AuthorizationSection section = (AuthorizationSection)config.GetSection("system.web/authorization");

from the section object get the AuthorizationRuleCollection object where you can then extract the Roles.

Note: You'll probably need to modify the path to the section a bit since you start with "location path="RestrictedPage.aspx"", I didn't try that scenario.