jellysaini
Reputation: 158
Permission based access control
I am trying to implement permission based access control in ASP.NET. To implement this I have created some database tables that hold all the information about which roles are assigned what permissions and which roles are assigned to what user.
I am checking the permissions in the business access layer. Right now I have created a method which checks the permissions of the user. If the user has permissions then okay otherwise it redirects to another page.
I want to know if the following things are possible?
class User
{
[PremissionCheck(UserID,ObjectName,OperationName)]
public DataTable GetUser()
{
//coding for user
}
}
I have seen it in MVC3. Can I Create it in ASP.NET? If yes then how can I implement it?
Upvotes: 2
Views: 2201
Answers (2)
Nathan
Reputation: 2775
I want to know if the following things are possible?
class User {
[PremissionCheck(UserID,ObjectName,OperationName)]
public DataTable GetUser()
{
//coding for user
} }
No. It´s not possible in ASP.Net webforms
However, I've implemented Role Based Access Control on a a classic 3-tier ASP.Net 3.5 web forms application, using a MasterPage, a BasePage class and a RoleBasedAccessControl database model.
Example
User "jtirado" is assigned role "HR-Assistant", can access route "mywebapp/employee.aspx?id=1452" to edit employee (id:1452) data.
Being "HR-Assistant", this user can change employee telephone number and e-mail, can view employee salary but not edit the amount.
Telephone number, email, salary are dabatase fields and are represented/rendered by a "asp.net-control" on the ASPX page. So I want to restrict access to these controls based on user's role.
MasterPage builds the options menu the user has access according to his assigned role. It's used by all my internal pages.
protected void Page_Load(object sender, System.EventArgs e)
{
if (!Page.IsPostBack)
{
CargaItemMenu(MnuPrincipal, Convert.ToInt32(Session["IdPais"]), Convert.ToInt32(Session["IdRol"]), Convert.ToInt32(Session["IdUsuario"]));
Session.Add("MenuDinamico", MnuPrincipal);
if (MnuPrincipal.Items.Count < 1)
{
MenuItem menuItems = new MenuItem();
menuItems.Text = "Principal";
menuItems.Value = "1";
menuItems.NavigateUrl = "";
menuItems.Selectable = true;
MnuPrincipal.Items.Add(menuItems);
}
}
}
private void CargaItemMenu(Menu ctrlmenu, int v_IdPais, int v_IdRol, int v_IdUsuario)
{
oBEOpcionRol = new SEGU.Entities.ENOpcionRol();
oBLOpcionRol = new SEGU.BusinessLogic.BLOpcionRol();
List<ParametroGenerico> ArrayParam;
ArrayParam = CargarParamentrosOpcionRol(v_IdPais, v_IdRol, v_IdUsuario);
List<SEGU.Entities.ENOpcionRol> ListaMenuItems = oBLOpcionRol.ListaxIdPaisxIdRolxIdUsuario(ArrayParam);
foreach (SEGU.Entities.ENOpcionRol objOpcionRol in ListaMenuItems)
{
if (objOpcionRol.IdOpcion.IdOpcion.Equals(objOpcionRol.IdOpcion.IdMenu))
{
MenuItem mnuMenuItem = new MenuItem();
mnuMenuItem.Value = objOpcionRol.IdOpcion.IdOpcion.ToString();
mnuMenuItem.Text = objOpcionRol.IdOpcion.Nombre.ToString();
if (objOpcionRol.IdOpcion.RutaFormulario != "")
{
mnuMenuItem.NavigateUrl = objOpcionRol.IdOpcion.RutaFormulario.ToString();// +"?IdOpcion=" + Convert.ToString(objOpcionRol.IdOpcion.IdOpcion);
}
if (objOpcionRol.IdOpcion.PageNew == "1")
{
mnuMenuItem.Target = "_blank";
}
//mnuMenuItem.Target = "iframePrincipal"
if (objOpcionRol.IdOpcion.Imagen.Trim() != "")
{
mnuMenuItem.ImageUrl = "Seguridad/ImagenesMenus/" + objOpcionRol.IdOpcion.Imagen.Trim();
}
if ((mnuMenuItem.NavigateUrl.Trim().Length > 0))
{
mnuMenuItem.Selectable = true;
}
else
{
mnuMenuItem.Selectable = false;
}
ctrlmenu.Items.Add(mnuMenuItem);
AddMenuItem(mnuMenuItem, ListaMenuItems);
}
}
}
private void AddMenuItem(MenuItem mnuMenuItem, List<SEGU.Entities.ENOpcionRol> listaOpcionRol)
{
foreach (SEGU.Entities.ENOpcionRol objOpcionRol in listaOpcionRol)
{
if (objOpcionRol.IdOpcion.IdMenu.ToString().Equals(mnuMenuItem.Value) && !objOpcionRol.IdOpcion.IdOpcion.Equals(objOpcionRol.IdOpcion.IdMenu))
{
MenuItem mnuNewMenuItem = new MenuItem();
mnuNewMenuItem.Value = objOpcionRol.IdOpcion.IdOpcion.ToString();
mnuNewMenuItem.Text = objOpcionRol.IdOpcion.Nombre.ToString();
if (objOpcionRol.IdOpcion.RutaFormulario != "")
{
mnuNewMenuItem.NavigateUrl = objOpcionRol.IdOpcion.RutaFormulario.ToString();// +"?IdOpcion=" + Convert.ToString(objOpcionRol.IdOpcion.IdOpcion);
}
if (objOpcionRol.IdOpcion.PageNew == "1")
{
mnuNewMenuItem.Target = "_blank";
}
mnuMenuItem.ChildItems.Add(mnuNewMenuItem);
//mnuNewMenuItem.Target = "iframePrincipal"
if (objOpcionRol.IdOpcion.Imagen.Trim() != "")
{
mnuNewMenuItem.ImageUrl = "Seguridad/ImagenesMenus/" + objOpcionRol.IdOpcion.Imagen.Trim();
}
if ((mnuNewMenuItem.NavigateUrl.Trim().Length > 0))
{
mnuNewMenuItem.Selectable = true;
}
else
{
mnuNewMenuItem.Selectable = false;
}
AddMenuItem(mnuNewMenuItem, listaOpcionRol);
}
}
}
BasePage class checks if the user has access to the required page. All pages requiring authorization inherit from this BasePage class.
public class PaginaBase : System.Web.UI.Page
{
SEGU.BusinessLogic.BLOpcionRol oBLOpcionRol;
protected void Page_InitComplete(object sender, System.EventArgs e) {
string Url = this.Page.AppRelativeVirtualPath;
oBLOpcionRol = new SEGU.BusinessLogic.BLOpcionRol();
int b = oBLOpcionRol.AutentificarUrl(Convert.ToInt32(System.Web.HttpContext.Current.Session["IdPais"]), Convert.ToInt32(System.Web.HttpContext.Current.Session["IdUsuario"]), Convert.ToInt32(System.Web.HttpContext.Current.Session["IdRol"]), Url);
System.Web.HttpContext.Current.Session["IdOpcion"] = b;
if( b <= 0 ){
System.Web.HttpContext.Current.Response.Redirect("~/Seguridad/Acceso.aspx");
return;
}
}
.
.
}
Finally, on Customers.aspx Page_Load event I call a function (oBLPermisoOpcionRol.ValidarPermisos) which checks which receives the Page instance as parameters and iterate its controls (ex: DdlClientType, TxtLastName,ChkIsActive) to check which ones the user can edit, enabling, disabling or hiding them.
protected void Page_Load(object sender, EventArgs e)
{
if (!Page.IsPostBack)
{
SetNodosMenu(TrvMenu, "");
if (this.TrvMenu.Nodes.Count < 1)
{
PrimerNodos(this.TrvMenu);
}
ListarModuloxAnulado(GvModulo, Convert.ToString(RblAnuladoModuloBusqueda.SelectedValue), Convert.ToInt32(0), Convert.ToInt32(DdlNroPaginaModulo.SelectedValue));
oBLPermisoOpcionRol = new SEGU.BusinessLogic.BLPermisoOpcionRol();
oBLPermisoOpcionRol.ValidarPermisos(Page, Convert.ToInt32(Session["IdRol"]), Convert.ToInt32(Session["IdOpcion"]));
}
}
public void ValidarPermisos(System.Web.UI.Page v_Page, int v_IdRol, int v_IdOpcion)
{
BusinessLogic.BLPermisoOpcionRol oBLPermisoOpcionRol = new BusinessLogic.BLPermisoOpcionRol();
List<ParametroGenerico> ArrayParam ;
ArrayParam = CargarParametros(v_IdRol, v_IdOpcion);
List<SEGU.Entities.ENPermisoOpcionRol> Lista = oBLPermisoOpcionRol.ListaxIdRolxIdOpcion(ArrayParam);
for(int Fila= 0; Fila< Lista.Count; Fila++){
bool v_Anulado= true;
if (Lista[Fila].Anulado == "1") {
v_Anulado = true;
}else if (Lista[Fila].Anulado == "0") {
v_Anulado = false;
}
bool v_ControlVisibleDisabled = true;
if (Lista[Fila].VisbleDisabled == "1") // Control Disabled
{
v_ControlVisibleDisabled = true;
}
else if (Lista[Fila].VisbleDisabled == "0") // Control Visible
{
v_ControlVisibleDisabled = false;
}
SetControls(v_Page, Lista[Fila].IdPermiso.Control, v_Anulado, v_ControlVisibleDisabled);
}
}
public void SetControls(System.Web.UI.Control parentControl, string v_Control, bool permitir, bool v_Permitir_ControlVisibleDisabled)
{
foreach(System.Web.UI.Control c in parentControl.Controls){
if( (c) is Button ){
if( ((Button)c).ID == v_Control ){
if( permitir == true ){
if (v_Permitir_ControlVisibleDisabled == true)
{
((Button)c).Enabled = false;
}else if (v_Permitir_ControlVisibleDisabled == false)
{
((Button)c).Visible = false;
}
}else{
((Button)c).Visible = true;
}
}
}else if( (c) is CheckBox ){
if( ((CheckBox)c).ID == v_Control ){
if( permitir == true ){
if (v_Permitir_ControlVisibleDisabled == true)
{
((CheckBox)c).Enabled = false;
}else if (v_Permitir_ControlVisibleDisabled == false)
{
((CheckBox)c).Visible = false;
}
}else{
((CheckBox)c).Visible = true;
}
}
}else if( (c) is Label ){
if( ((Label)c).ID == v_Control ){
if( permitir == true ){
if (v_Permitir_ControlVisibleDisabled == true)
{
((Label)c).Enabled = false;
}else if (v_Permitir_ControlVisibleDisabled == false)
{
((Label)c).Visible = false;
}
}else{
((Label)c).Visible = true;
}
}
}else if( (c) is TextBox ){
if( ((TextBox)c).ID == v_Control ){
if( permitir == true ){
if (v_Permitir_ControlVisibleDisabled == true)
{
((TextBox)c).Enabled = false;
}
else if (v_Permitir_ControlVisibleDisabled == false)
{
((TextBox)c).Visible = false;
}
}else{
((TextBox)c).Visible = true;
}
}
}else if( (c) is GridView ){
if( ((GridView)c).ID == v_Control ){
if( permitir == true ){
if (v_Permitir_ControlVisibleDisabled == true)
{
((GridView)c).Enabled = false;
}else if (v_Permitir_ControlVisibleDisabled == false)
{
((GridView)c).Visible = false;
}
}else{
((GridView)c).Visible = true;
}
}
}else if( (c) is ImageButton ){
if( ((ImageButton)c).ID == v_Control ){
if (permitir == true)
{
if (v_Permitir_ControlVisibleDisabled == true)
{
((ImageButton)c).Enabled = false;
}
else if (v_Permitir_ControlVisibleDisabled == false)
{
((ImageButton)c).Visible = false;
}
}
else
{
((ImageButton)c).Visible = true;
}
}
}else if( (c) is HyperLink ){
if( ((HyperLink)c).ID == v_Control ){
if( permitir == true ){
if (v_Permitir_ControlVisibleDisabled == true)
{
((HyperLink)c).Enabled = false;
}
else if (v_Permitir_ControlVisibleDisabled == false)
{
((HyperLink)c).Visible = false;
}
}else{
((HyperLink)c).Visible = true;
}
}
}else if( (c) is DropDownList ){
if( ((DropDownList)c).ID == v_Control ){
if( permitir == true ){
if (v_Permitir_ControlVisibleDisabled == true)
{
((DropDownList)c).Enabled = false;
}
else if (v_Permitir_ControlVisibleDisabled == false)
{
((DropDownList)c).Visible = false;
}
}else{
((DropDownList)c).Visible = true;
}
}
}else if( (c) is ListBox ){
if( ((ListBox)c).ID == v_Control ){
if( permitir == true ){
if (v_Permitir_ControlVisibleDisabled == true)
{
((ListBox)c).Enabled = false;
}
else if (v_Permitir_ControlVisibleDisabled == false)
{
((ListBox)c).Visible = false;
}
}else{
((ListBox)c).Visible= true;
}
}
}else if( (c) is DataList ){
if( ((DataList)c).ID == v_Control ){
if( permitir == true ){
if (v_Permitir_ControlVisibleDisabled == true)
{
((DataList)c).Enabled = false;
}
else if (v_Permitir_ControlVisibleDisabled == false)
{
((DataList)c).Visible = false;
}
}else{
((DataList)c).Visible = true;
}
}
}else if( (c) is CheckBoxList ){
if( ((CheckBoxList)c).ID == v_Control ){
if( permitir == true ){
if (v_Permitir_ControlVisibleDisabled == true)
{
((CheckBoxList)c).Enabled = false;
}
else if (v_Permitir_ControlVisibleDisabled == false)
{
((CheckBoxList)c).Visible = false;
}
}else{
((CheckBoxList)c).Visible = true;
}
}
}else if( (c) is RadioButton ){
if( ((RadioButton)c).ID == v_Control ){
if( permitir == true ){
if (v_Permitir_ControlVisibleDisabled == true)
{
((RadioButton)c).Enabled= false;
}
else if (v_Permitir_ControlVisibleDisabled == false)
{
((RadioButton)c).Visible = false;
}
}else{
((RadioButton)c).Visible = true;
}
}
}else if( (c) is RadioButtonList ){
if( ((RadioButtonList)c).ID == v_Control ){
if( permitir == true ){
if (v_Permitir_ControlVisibleDisabled == true)
{
((RadioButtonList)c).Enabled = false;
}
else if (v_Permitir_ControlVisibleDisabled == false)
{
((RadioButtonList)c).Visible = false;
}
}else{
((RadioButtonList)c).Visible = true;
}
}
}else if( (c) is Image ){
if( ((Image)c).ID == v_Control ){
if( permitir == true ){
((Image)c).Visible = false;
}else{
((Image)c).Visible = true;
}
}
}else if( (c) is Panel ){
if( ((Panel)c).ID == v_Control ){
if (permitir == true)
{
if (v_Permitir_ControlVisibleDisabled == true)
{
((Panel)c).Enabled = false;
}
else if (v_Permitir_ControlVisibleDisabled == false)
{
((Panel)c).Visible = false;
}
}
else
{
((Panel)c).Visible = true;
}
}
}else if( (c) is Table ){
if( ((Table)c).ID == v_Control ){
if( permitir == true ){
if (v_Permitir_ControlVisibleDisabled == true)
{
((Table)c).Enabled = false;
}
else if (v_Permitir_ControlVisibleDisabled == false)
{
((Table)c).Visible = false;
}
}else{
((Table)c).Visible= true;
}
}
}else if( (c) is LinkButton ){
if( ((LinkButton)c).ID == v_Control ){
if( permitir == true ){
if (v_Permitir_ControlVisibleDisabled == true)
{
((LinkButton)c).Enabled = false;
}
else if (v_Permitir_ControlVisibleDisabled == false)
{
((LinkButton)c).Visible = false;
}
}else{
((LinkButton)c).Visible = true;
}
}
}else if( (c) is System.Web.UI.HtmlControls.HtmlInputButton ){
if( ((System.Web.UI.HtmlControls.HtmlInputButton)c).ID == v_Control ){
if( permitir == true ){
((System.Web.UI.HtmlControls.HtmlInputButton)c).Visible = false;
((System.Web.UI.HtmlControls.HtmlInputButton)c).Attributes.Add("disabled", "disabled");
}else{
((System.Web.UI.HtmlControls.HtmlInputButton)c).Visible = true;
((System.Web.UI.HtmlControls.HtmlInputButton)c).Attributes.Remove("disabled");
}
}
}else if( (c) is System.Web.UI.HtmlControls.HtmlAnchor ){
if( ((System.Web.UI.HtmlControls.HtmlAnchor)c).ID == v_Control ){
if( permitir == true ){
((System.Web.UI.HtmlControls.HtmlAnchor)c).Visible = false;
// CType(c, System.Web.UI.HtmlControls.HtmlAnchor).Attributes.Add("disabled", "disabled")
}else{
((System.Web.UI.HtmlControls.HtmlAnchor)c).Visible = true;
//CType(c, System.Web.UI.HtmlControls.HtmlAnchor).Attributes.Remove("disabled") '' etiqueta <a runat="server" ID="id1">
}
}
}else if( (c) is System.Web.UI.HtmlControls.HtmlGenericControl ){
if( ((System.Web.UI.HtmlControls.HtmlGenericControl)c).TagName.ToUpper() == "DIV".ToUpper() ){
if( ((System.Web.UI.HtmlControls.HtmlGenericControl)c).ID == v_Control ){
if( permitir == true ){
((System.Web.UI.HtmlControls.HtmlGenericControl)c).Visible = false;
//CType(c, System.Web.UI.HtmlControls.HtmlGenericControl).Attributes.Add("disabled", "disabled")
}else{
((System.Web.UI.HtmlControls.HtmlGenericControl)c).Visible = true;
//CType(c, System.Web.UI.HtmlControls.HtmlGenericControl).Attributes.Remove("disabled") '' etiqueta <div runat="server" ID="iddiv">
}
}
}
}
SetControls(c, v_Control, permitir, v_Permitir_ControlVisibleDisabled);
}
}
This way, I don't have to use if-then sentences to check permissions and, I can create as many roles as I want, giving them any permissions, without having to change any C# code.
You can check these posts also:
Is ASP.NET role based security a true role based access control system?
How to control access to forms fields on a ASP.Net MVC 3 view?
Upvotes: 1
Billy ONeal
Reputation: 106609
Any permissions system requires two components -- authorization and access control. Authorization is the means to prove the user's identity. This is accomplished, usually, with some kind of user and password storage, but you can use systems like OpenID, or any number of federated identity systems (Active Directory/Kerberos/etc.) to accomplish the same thing.
Once you know who the user is, then there's access control, which is enforcing permssions against that user.
Now, in ASP.NET's case, you're not going to be able to just stick an attribute on something, because attributes do not run code. In order to get the validation code to run, you would need to write a plugin of some sort to do this validation for you. Webforms already has support for authentication and access control mechanisms; why reinvent the wheel?
Upvotes: 2
Related Questions
- Role based security in ASP.NET
- Role based security asp.net mvc
- Role based access control with ASP.NET identity
- Role Base Access Control in asp.net application
- Permission-based authorization in ASP.NET MVC3
- MVC3 access control
- Implementing access control in ASP.NET MVC 3
- Access control in a ASP.MVC application
- Need help to Secure an ASP.NET Web Application
- ASP.NET access controls