I'm using Forms authentication. Determining what Roles the current user is
in was the easy part (User.IsInRole). But how does one determine what Roles
are permitted to use a particular ASPX page? (.NET 2.0, VS05)
I've asked the same question some time ago
http://groups.google.com/group/microsoft.public.dotnet.framework.aspnet/browse_thread/thread/35b6bd15d86528b2/
We appear to be on a parallel path. (thanks for the corrective posting in
the other NG.) I noticed WebConfigurationManager before prowling through
Google and the NGs. I too am understandably resistant to that approach.
Seems as though the desired method should be available. After all, what
method does .NET call to determine a user's ability, or lack thereof, to
access a page?
HTH
S
"MyndPhlyp" <nob...@homeright.now> wrote in message
news:%235PE562...@TK2MSFTNGP03.phx.gbl...
using System.Web.Configuration;
Configuration config =
WebConfigurationManager.OpenWebConfiguration(url);
AuthorizationSection configSection =
(AuthorizationSection)config.GetSection("system.web/authorization");
AuthorizationRuleCollection rules = configSection.Rules;
CommaDelimitedStringCollection allowed = new
CommaDelimitedStringCollection();
CommaDelimitedStringCollection denied = new
CommaDelimitedStringCollection();
for (int i = 0; i < rules.Count; i++)
{
if (rules[i].Roles.Count > 0)
{
if (rules[i].Action.ToString() == "Allow")
allowed.AddRange(rules[i].Roles.ToString().Split(','));
else if (rules[i].Action.ToString() == "Deny")
denied.AddRange(rules[i].Roles.ToString().Split(','));
}
}
Response.Write("Allowed Roles: " + allowed.ToString());
Response.Write("<br />");
Response.Write("Denied Roles: " + denied.ToString());
Note, the url value can be a path to a directory, like "/admin", or a
path to the file, like "/admin/default.aspx". To find if roleName
"IsInRoles", simply use the Contains() method, e.g.
allowed.Contains("roleName").
Enjoy.
S
"Alexey Smirnov" <alexey....@gmail.com> wrote in message
news:1180646927.5...@u30g2000hsc.googlegroups.com...
Thanks. Maybe some day, roughly around the same time pigs fly and hell
freezes over, M$ will get around to exposing the method and save us the
trouble (and overhead) of parsing out the web.config.
Who would ever have thought anybody would want to send an authenticated user
back to their previous page, rather than a "not allowed" or login page, if
the user is unauthorized to use the requested page?
It has to be checked on the page
if (!User.IsInRole("Manager") {
Response.Redirect("/");
}