Restrict Pages?
-
Hi all, how can I validate the pages by using the base class? I mean: once I have logged in as an administrator the page is 'admin.aspx', and after logging out, if I log in as a user to the page 'userpage.aspx' and in the address bar I enter the page as 'admin.aspx' instead of 'user.aspx', then the browser redirects to the admin page. I want to validate this to restrict access to the admin page. I am using sessions for both pages, from the login pages separately. How can I check the credentials in page load? Please help me with the code. Regards, Naushad
modified on Saturday, April 19, 2008 6:31 AM
-
Hello friend. To solve this problem, store the user ID in a cookie. Each time you log on, check against the cookie value; if it mismatches, display an error message. I hope you got something. Please do contact me for doubts.
ArunVijay
I had tried it with session and cookie, but the page is still displaying. If I click any link in that page then an exception will occur; it is not entering the page load event when I type the page name in the address bar.
-
Hi, you can create a security object table in your database that holds all page names and their access permissions. Your security object table may, for example, look like this:

    Id(int)  URL(varchar(256))  GrantAdmin(bit)  GrantUser(bit)  GrantPublic(bit)

You should insert each page URL and its permission into this table, and in your base page (that each page inherits from), on page load you have to get the page URL, then get its permission from the database, and then check the user type against the page permission.

    using System;
    using System.IO;

    // The two methods below belong in the base page class that every page inherits from.
    protected override void OnInit(EventArgs e)
    {
        base.OnInit(e);
        CheckAccessPermissions();
    }

    private void CheckAccessPermissions()
    {
        String applicationPath = this.Request.ApplicationPath;
        String pagePath = this.Request.Path;
        pagePath = pagePath.Replace(applicationPath + "/", "");
        try
        {
            // Permissions is a class that contains the security object table columns.
            Permissions permission = GetPagePermissions(pagePath);
            // User is a class that contains the user name and user role.
            User user = null;
            if (!permission.GrantPublic) // the page is not public
            {
                if (Context.User.Identity.IsAuthenticated)
                {
                    // Context.Items must be set in global.asax (Application_AuthorizeRequest).
                    user = (User)Context.Items["UserInfo"];
                    if (user.Role == Roles.Administrator) // Roles is an enum
                        return; // Administrator is granted access to all the pages.
                    else if (user.Role == Roles.User && permission.GrantUser)
                        return; // User is not an admin and the page is granted for user access.
                    else
                        // The user is authenticated but does not have permission to access this page.
                        Response.Redirect("~/AccessIsDenied.aspx");
                }
                else
                {
                    // The page is not public and the user is not authenticated.
                    Response.Redirect("~/AccessIsDenied.aspx");
                }
            }
        }
        catch (FileNotFoundException)
        {
            throw new Exception("Access permissions to this page are not set. Page path: " + pagePath);
        }
        catch
        {
            // The original post is cut off at this point. Rethrowing is an assumption,
            // chosen so that an unexpected error does not let the request through.
            throw;
        }
    }
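The permission-table check from the answer above, reduced to a stand-alone console program so the decision logic can be run and tested outside ASP.NET. This is an added example, not code from the original post: the type and method names are hypothetical, the table rows are constructed samples, and unlike the answer it consults the GrantAdmin column for administrators and denies any page that has no row in the table.

```csharp
using System;
using System.Collections.Generic;

// Added example; every type and method name here is hypothetical.
enum Role { Anonymous, User, Administrator }
sealed class PagePermission { public bool GrantAdmin, GrantUser, GrantPublic; }

static class PageAuthorizer
{
    // Stand-in for the security object table (constructed sample rows).
    // Keys compare case-insensitively, so Admin.ASPX and admin.aspx hit the same row.
    static readonly Dictionary<string, PagePermission> Table =
        new Dictionary<string, PagePermission>(StringComparer.OrdinalIgnoreCase)
        {
            { "login.aspx",    new PagePermission { GrantPublic = true } },
            { "userpage.aspx", new PagePermission { GrantUser = true, GrantAdmin = true } },
            { "admin.aspx",    new PagePermission { GrantAdmin = true } },
        };

    // appPath and requestPath play the roles of Request.ApplicationPath and Request.FilePath.
    public static bool IsAllowed(string appPath, string requestPath, bool authenticated, Role role)
    {
        string prefix = appPath.TrimEnd('/') + "/";   // "/" and "/shop" both end in one slash
        if (!requestPath.StartsWith(prefix, StringComparison.OrdinalIgnoreCase))
            return false;                             // request is outside the application
        string page = requestPath.Substring(prefix.Length);

        PagePermission p;
        if (!Table.TryGetValue(page, out p)) return false; // no row for this page: deny
        if (p.GrantPublic) return true;
        if (!authenticated) return false;
        if (role == Role.Administrator) return p.GrantAdmin;
        return role == Role.User && p.GrantUser;
    }
}

static class Program
{
    static void Main()
    {
        // Constructed requests: application path, request path, authenticated, role.
        Console.WriteLine(PageAuthorizer.IsAllowed("/", "/admin.aspx", true, Role.User));
        Console.WriteLine(PageAuthorizer.IsAllowed("/shop", "/shop/Admin.ASPX", true, Role.Administrator));
        Console.WriteLine(PageAuthorizer.IsAllowed("/", "/reports.aspx", true, Role.Administrator));
        Console.WriteLine(PageAuthorizer.IsAllowed("/", "/userpage.aspx", false, Role.Anonymous));
    }
}
```

In a base page, the role passed in should come from the server-side identity established at login, and Request.FilePath is used rather than Request.Path because it excludes any trailing path info after the .aspx name.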