eiu165
eiu165

Reputation: 6271

dynamically allow roles to a page or folder

I am using asp.net webforms. I use a web.config to define what roles can access pages and folders. like this

   <system.web>
     <authorization>
       <allow roles="Admin" />
       <deny users="*" />
     </authorization>
   </system.web>

how can I do this dynamically? so without deploying I could add a role, like 'Developer'

Is there a way I could read these from a database? thanks

Upvotes: 0

Views: 705

Answers (1)

VinayC
VinayC

Reputation: 49245

Not sure what exactly are you asking here...

The authorization sighted by you is known as URL Authorization and provided by in-build ASP.NET module. This implementation uses the context associated IPrincipal (HttpContext.User) to see the authenticated user is member of configured role. So if you want to have your own arbitrary roles (instead of windows roles), you can provide your own IPrincipal implementation that would retrieve the assigned roles for the current user from the data-base (or any other source that you want to use). However, the authorization information will still remain in the configuration file.

In case, you want to move the authorization information (who can access what) then you can implement your own authorization module. The module can read this information from the database and enforce the access security the way you wanted.

Upvotes: 1

Related Questions