Reputation: 23841
What are the ways to notify user that he does not have permissions to access a page?
What are the ways to notify user that he does not have permissions to access a page?
What I already started is that I made an error page with "no permissions" message and user will be redirected if he does not have permissions on this page.
I don't know if this is the official or the best way.
Another place that what should I do in the UserControl case, for example, when I have a user control to browse the employees and I don't want to prevent the user in everytime the user control is used. I would prefer to process the permissions from one place (inside the user control's code).
Any ideas will be approciated.
Thanks.
Upvotes: 0
Views: 332
Answers (4)
Reputation: 52241
I would suggest you make a custom page and redirect the user to that page if that user is not in certain role...
Put this condition in master page:
if (!(HttpContext.Current.User.IsInRole("Admin"))
{
Response.Redirect("UnAuthenticatedUser.aspx");
}
Upvotes: 2
Reputation: 49185
It would all depend on how fine grained your permissions are. Based on permissions set, sometimes it may not make sense to show the entire page while other times, you need to disable and/or make readonly and/or hide part of UI. For example, lets say, there are two permissions, view user details and add/edit user details. So if view permission is not present then navigating to user details page, one should redirect user to a common error page stating something like "Insufficient Permissions". On the other hand, if view permission is there but no edit permission then one can see user details but button/links such as Edit/Detele should be hidden/disabled (or you may show user details in read-only format etc).
Typically, I prefer to fetch entire user permission set on login and cache it into application wide context classes (generally user specific context gets backed by session state). The permission set would have methods to check against specific permission. Then the base page (all pages would be derived from one common base page - intermediate base pages are possible for different concerns) would check if view permission for the page is present (the permission is obtained via a virtual method that interested page overrides to supply) and if not then user is redirected to common error page. Adjusting specific UI as per permissions is left to the individual pages (although there can be cases where pages may have common templates and even share that piece of code via another base page).
Upvotes: 1
Reputation: 14781
You have many options including:
Option1: Redirect user to a page that you have created for such purpose ..
Response.Redirect("ErrorPage.aspx");
Option2: Throw an exception then handle it in an appropriate way..
throw new Excepion("Exception Message");
I usualy set the value of the Visible property for the control that user does not have permissions on them to false .
Upvotes: 1
Related Questions
- Restrict access to some .aspx pages
- Permission To Access Pages
- If current user does not have permission to a particular page, how it should be handled?
- ASP.Net - how to display a "You are not authorized" message when authorization fails
- Showing web page content based on user's access rights
- Check permission on every page
- What is the best way to check a user's permissions while they are browsing through your website?
- ASP.NET MVC Show Error Message or Page When User's Access Level is Denied
- Determine if user can access the requested page?
- Asp.Net deny access on certain pages to users