O'Reilly logo

ASP.NET Cookbook by Geoffrey T. LeBlond, Michael A Kittel

Stay ahead with the world's most comprehensive technology and business learning platform.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, tutorials, and more.

Start Free Trial

No credit card required

8.3. Restricting Access to Application Pages by Role

Problem

You want to assign or make use of predefined roles for the users of your application, and you want to control access to pages as a function of these roles.

Solution

The solution involves the following steps:

  1. Implement the solution described in Recipe 8.2, adding to web.config the required roles for each of the pages.

  2. In the code-behind class for the ASP.NET login page, add the user’s role information to the authentication cookie when the user logs in.

  3. Add code to the Application_AuthenticateRequest method in the global.asax code-behind to recover the user role information and build a user principal object.

  4. Set the user principal object to the Context.User property to provide ASP.NET the data it needs to perform page-by-page authentication.

The code we’ve written to illustrate this solution appears in Example 8-6 through Example 8-10. The <authentication> and <authorization> elements of web.config are shown in Example 8-6. The login page code-behind where the authentication cookie is created is shown in Example 8-7 (VB) and Example 8-8 (C#). (See Recipe 8.1 for the .aspx file for a typical login page.) The Application_AuthenticateRequest method in the code-behind for global.asax is shown in Example 8-9 (VB) and Example 8-10 (C#).

Discussion

The approach we favor for this recipe builds on Recipe 8.2 but quickly takes a tack of its own based on the addition and use of user roles. The <authentication> and <authorization> elements ...

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, interactive tutorials, and more.

Start Free Trial

No credit card required