How to assign user roles and hide buttons from users who are not in a role, asp.net

Question

I know it's a lot of articles about roles and authorization but I need something different and I can't find anything so far.. I'm working on a Web application built in ASP.NET, C# behind and a MySQL database connected.

So what I need is just a simple check somewhere(web.conf or Default.aspx.cs, I don't know)

if user "admin" (i.e inRole="admins") -> give permissions to everything
if user normalUser1 (i.e inRole = "users) -> HIDE 2 buttons 

so they are not able to click them.

The example: Admins can click a button Upload and Delete which access the database behind Users can not click Upload or delete, maybe hide the button it self

If you have any ideas.

Answer 1

The simplest idea is to place 2 admins buttons to separate Panel and hide it on the server side:

adminFunctionalityPanel.Visible = User.IsInRole("Admins");

Or just hide buttons itself:

btnDelete.Visible = btnUpload.Visible = User.IsInRole("Admins");

http://www.asp.net/security/tutorials/role-based-authorization-cs

Answer 2

There is a built in control within asp.net that allows for this functionality.

Check out the <asp:LoginView> control. This allows you to show/hide certain controls depending on if a user is authenticated, also depending on what roles you have specified.

Have a look at these links below. They describe how to use it.

http://msdn.microsoft.com/en-us/library/ms178329.aspx#the_loginview_control

http://weblogs.asp.net/sukumarraju/archive/2010/07/28/role-based-authorization-using-loginview-control.aspx

On assigning users to Roles, you can either use the built in ASP.NET Configuration Tool within Visual Studio, or you can create your own code/UI to manage this.