Reputation: 6271
dynamically allow roles to a page or folder
I am using asp.net webforms. I use a web.config to define what roles can access pages and folders. like this
<system.web>
<authorization>
<allow roles="Admin" />
<deny users="*" />
</authorization>
</system.web>
how can I do this dynamically? so without deploying I could add a role, like 'Developer'
Is there a way I could read these from a database? thanks
Upvotes: 0
Views: 705
Answers (1)
Reputation: 49245
Not sure what exactly are you asking here...
The authorization sighted by you is known as URL Authorization and provided by in-build ASP.NET module. This implementation uses the context associated IPrincipal (HttpContext.User) to see the authenticated user is member of configured role. So if you want to have your own arbitrary roles (instead of windows roles), you can provide your own IPrincipal implementation that would retrieve the assigned roles for the current user from the data-base (or any other source that you want to use). However, the authorization information will still remain in the configuration file.
In case, you want to move the authorization information (who can access what) then you can implement your own authorization module. The module can read this information from the database and enforce the access security the way you wanted.
Upvotes: 1
Related Questions
- Multiple role based folder authorization in asp.net web.config
- securing pages in a folder with user roles?
- ASP.NET MVC - Dynamic Authorization
- MVC Dynamic Page Permissions Using Authorize Attribute?
- Individual page authorization based on roles in ASP.NET MVC 5
- Dynamic directory authorisation asp.net
- Manage user access to pages in ASP.NET
- Designing Permission based role system rather than directory based in asp.net
- ASP.NET Role based access
- Role based authorization