tags:

views:

854

answers:

3
Q: 

How to secure webpages in ASP.Net with roles?

In my application I have different roles and offcourse multiple pages. How do I secure webpages that may not be accessed by certain roles?

Imagine group 1 has access to webpage a.aspx, b.aspx and c.aspx but not to webpage d.aspx. How do i secure that when a user of group 1 types in d.aspx he cannot view the page?

A: 

This is a big topic but I think what you want to look into is the ASP.NET Membership Provider.

I would start here: Examining ASP.NET 2.0's Membership, Roles, and Profile.

There's one thing messageboard websites, eCommerce websites, social network websites, and portal websites share in common: they all provide user accounts. These websites, and many others, allow (or require) visitors to create an account in order to utilize certain functionality. For example, a messageboard website, like ASPMessageboard.com, allows anonymous and authenticated visitors to view and search the posts in the various forums. However, in order to be able to post a new thread or reply to a message a visitor must have an account and must log into the site.

Andrew Hare  2009-06-15 12:15:43
Thnx. I am looking for a quick and nice solution. It is not for a very big application.
Martijn  2009-06-15 12:16:37
What he suggest would probably be faster than rolling your own.
C. Ross  2009-06-15 12:20:27
+3  A: 

You have to add in web.config, which Role can get which page.

<location path="yourPage.aspx">
 <system.web>
  <authorization>
   <deny users="?"/>
   <allow roles="Super Admin"/>
                            <deny users="Admin"/>

  </authorization>
 </system.web>
</location>
Muhammad Akhtar  2009-06-15 12:15:55
Thnx. But my roles are stored in the database. Is there a (quick neat) dynamic way?
Martijn  2009-06-15 12:26:29
Are these roles are fixed in DB table or changeable?
Muhammad Akhtar  2009-06-15 12:40:21
So for each page I have to create a authorization tag?
Martijn  2009-06-15 14:57:47
yes, you have to.. we did same as I have told you.
Muhammad Akhtar  2009-06-16 08:15:47
A: 

This might help you.

Authorization module which applies authorization to matching urls: http://code.google.com/p/talifun-web/wiki/RegexUrlAuthorizationModule

Taliesin  2010-02-18 16:53:22

related questions

Displaying Flash content in a C# WinForms application
How to get the value of built, encoded ViewState?
Unhandled Exception Handler in .NET 1.1
How do I connect to a database and loop over a recordset in C#?
How do I most elegantly express left join with aggregate SQL as LINQ query
Get a new object instance from a Type in C#
.NET Testing Framework Advice
Automatically update version number
What is the difference between an int and an Integer in Java/C#?
How to write to Web.Config in Medium Trust ?
WinForms ComboBox data binding gotcha
How do you sort a C# dictionary by value?
Adding Scripting functionality to .NET applications
Floating Point Number parsing: Is there a Catch All algorithm?
How do I print an HTML document from a web service?
Decoding T-SQL CAST in C#/VB.net
Anatomy of a "Memory Leak"
How do I get a distinct, ordered list of names from a DataTable using Linq
Reliable Timer in a Console Application
How do I fill a DataSet or a DataTable from a LINQ query resultset ?
What's the difference between Math.Floor() and Math.Truncate() in .NET?
How do I calculate relative time?
How do I calculate someone's age in C#?
Are there any conversion tools for porting Visual J# code to C#?
When setting a form's opacity should I use a decimal or double?