Last post Jul 05, 2012 12:20 PM by Ruchira
Jul 04, 2012 01:12 PM|nirman.doshi|LINK
I have asp:DropDownList control in my website.
This dropdown lists all users of my application. If a logged in user is non-admin then the dropdown should be disabled, and if a user is admin then the dropdown should be enabled. (I know, its a bad design, but its the way it was developed)
The problem is that, any non-admin user with little knowledge of CSS can open a developer tool (or firebug) and can enable that dropdownlist easily.
Anyone has idea of how to overcome this?
Jul 04, 2012 01:16 PM|hariharakrishnan|LINK
I ask you one thing, didn't the application is written to check the user previlages before executing a submit operation which is recieved to the page?
if it is done, let him to do any thing with the firebug.
Jul 04, 2012 01:21 PM|adeelehsan|LINK
If the permissions are properly controlling everything, then its ok but still you can hide the dropdown instead of disabling it, if the user is non admin. This way it will not be part of the html, so no one can see it. Or you can add it dynamically for admin
Jul 04, 2012 01:25 PM|hariharakrishnan|LINK
Ofcourse Mr.adeeleshan. Doing this is a casual practise and a good one too.
Jul 05, 2012 12:20 PM|Ruchira|LINK
Set the Visible="false" for that particualr dropdownlist so it will not get rendered at the client side.
My Tech blog | My YouTube Channel