terbubbs
terbubbs

Reputation: 1512

Windows Authentication for Web Form Button

What I need to do is allow or deny users access to a specific button control on my asp web form. What I'd like to do is base it off their Windows credentials, so that it is unnecessary to use a login page. Only a few people in the company should have access to this control because it clears a SQL table that holds inventory results and creates a back up.

Is there a way to authenticate when Default.aspx loads and if authenticated, make DeleteButton.Visible = true?

In the meantime, I'm taking a look at ASP windows authentication tutorials. Most of the tutorials seem geared towards allowing or denying access to the web form in general, but other users should be allowed to access the form (just not the delete button).

Upvotes: 0

Views: 536

Answers (1)

Dave Becker
Dave Becker

Reputation: 1433

Could try something like:

DeleteButton.Visible = User.Identity.IsAuthenticated && 
                       User.IsInRole("AllowedToPressButton");

As you have no login logic as such (because Windows has already done the authentication) you'll need to handle which specific users are in the "AllowedToPressButton" group.

To make the above example work try the following:

web.config

<system.web>
    <roleManager enabled="true" />
</system.web>

global.asax

Sub Application_Start(ByVal sender As Object, ByVal e As EventArgs)
    If (Roles.RoleExists("AllowedToPressButton") = False) Then
        Roles.CreateRole("AllowedToPressButton")
        Roles.AddUserToRole("DOMAIN\User", "AllowedToPressButton")
    End If
End Sub

This is a very simple way of implementing the solution and it tightly binds the user/role assignments. Role management in ASP.NET can implemented in several ways such as SQL or Windows (and more).

Here are a couple of good articles about using custom roles and windows auth

Upvotes: 1

Related Questions