[ASP.NET 2.0 | Authorization]

Hello,

If you read my previous posts you remember I was trying to build a roles based access system of my own instead of using ASP.NET 2.0 membership framework for obvious flexibility limitations. Well, I am working with it but I have no idea how to prevent users from accessing the resources of my site. I can know if a role has permission to see the resources but I think that checking the roles in each page load is not the best solution. Maybe something to do with the Web.Config configuration file it's what I am looking for. Please help.

Thanks

The easiest thing I've found to do is grouping files with the same permissions into different folders. Then in the web.config file you can make <location> entries for those directories and give authorizations to all of the files at the same time. Something like this...
<location path="adminDir">
<system.web>
<authorization>
<allow roles="Admins" />
<deny users="*" />
</authorization>
</system.web>
</location>
<location path="protectedDir">
<system.web>
<authorization>
<allow roles="Admins, Members" />
<deny users="*" />
</authorization>
</system.web>
</location>

Hi,

Yes, of course that works when you know from forehand the roles, but in my case remember I am providing in the system the ability to create the roles. So that will not work, I do not know the roles, they are created dynamically.

Thanks!

Good point. It's been a long day, and I'm not thinking strait...

What I would do in that case is actually make a "new" BasePage class. Then all of your new pages would inherit from that instead of inheriting from System.Web.UI.Page. In your new BasePage class you can add the functionality to check a database or some other file for it's allowed roles. That would make it a lot more dynamic.

I would try to set up the roles in the cache so that you're not make that extra trip to the database each time. When ever the roles are changed, just invalidate the cache at the same time.

Oh, So I have to do that manually. XD Thanks.

You'd have to build the class manually, but you would only have to do it once. If each of your other pages inherit from the new base class, they would all have the functionality built into them.

Yeah, by the way I am dropping of using the so great MasterPage because I can not localize a TreeView there since it does not implement the InitializeCulture method. Is there a way to do this? I do not understand how is it possible the MasterPage is lacking this feature, it makes no sense, do not you think so? :chuckle:

Unfortunately, I haven't had to make any pages available for Localization, so I haven't looked into those features at all. I'm not sure what is going on, but I find it somewhat hard to believe that there is no way use it with Master Pages.... :confused: