matrix388
Member
47 Points
92 Posts
How to differentiate between the Visitor and User of the system?
Jun 30, 2012 03:55 AM
I am a new ASP.NET developer and I did two projects on it. Right now, I am developing a simple intranet training development web-based application where I have three different roles: Admin, Contribute and User. The difference between all of them is that a new menu tab will appear in case of Admin and Contribute. I developed this by making the menu bar as a User Control and for role I created a property for showing the tab particular for each role.
**Code of the User Control (Menu Tab)(.ascx file):**
```html
<ul class="menu" runat="server">
    <li><a href="Default.aspx">Home</a></li>
    <li><a href="Services.aspx">Services</a>
        <ul>
            <li><a href="Quiz.aspx">Quiz Engine</a></li>
            <li><a href="Suggestion.aspx">Safety Suggestions Box</a></li>
            <li><a href="#">PMOD Saftey Management System</a></li>
        </ul>
    </li>
    <li><a href="BeSafe.aspx">Be Safe !</a>
        <ul>
            <li><a href="Newsletter.aspx">Newsletter</a></li>
            <li><a href="Library.aspx">PSSP Library</a></li>
            <li><a href="Links.aspx">Useful Links</a></li>
        </ul>
    </li>
    <li><a href="UserProfile.aspx">Profile</a></li>
    <li><a href="About.aspx">About</a></li>
    <li><a href="Contact.aspx">Contact Us</a></li>
    <li><a href="Faq.aspx">FAQ</a></li>
    <li><a href="Help.aspx">Help</a></li>
    <li id="menuItem1ToHide" runat="server"><a href="Admin.aspx">Admin</a></li>
    <li id="menuItem2ToHide" runat="server"><a href="Contribute.aspx">Settings</a>
        <ul>
            <li><a href="KPIReport.aspx">PMOD Safety Training Detailed Matrix</a></li>
            <li><a href="UpdateKPIReport.aspx">Update Safety Training Matrix</a></li>
        </ul>
    </li>
    <li id="menuItem3ToHide" runat="server"><a href="Contribute.aspx">Management</a>
        <ul>
            <li><a href="Dashboard.aspx">Department Dashboard</a></li>
            <li><a href="KPIReport.aspx">PMOD Safety Training Detailed Matrix</a></li>
        </ul>
    </li>
</ul>
```

The system is only accessible by my division employees. Now, they asked me to make it accessible to everybody without showing them the real functionality that contains the division data. I am confused how I will develop this, because it seems that my way that I used for the Admin and Contribute role does not work here. Because the visitor will be able to view most of the pages like any employee in my division with User role.
**How to differentiate between both of them?**
**NOTE:**
I am developing an intranet web-based application, so I am using the Windows Authentication and I already developed the User Management sub-system instead of using ASP.NET Membership.
csharp
vijayst
All-Star
16558 Points
3216 Posts
Microsoft
Re: How to differentiate between the Visitor and User of the system?
Jun 30, 2012 04:54 AM

```csharp
if (user.IsInRole("Admin"))
    ShowAdminMenu();
else
    HideAdminMenu();
// similar stuff for Contribute
```

This is possible using Role based code security as shown in the code above.
http://liteblog.codeplex.com
cchidambaram
Member
136 Points
115 Posts
Re: How to differentiate between the Visitor and User of the system?
Jun 30, 2012 07:13 AM
Hi,
In the web.config file in the root of the web site, insert this XML:
In the global.asax file, insert this code:
```csharp
// Requires: using System.Security.Principal; using System.Web.Security;
protected void Application_AuthenticateRequest(Object sender, EventArgs e)
{
    // Fires upon attempting to authenticate the user
    if (!(HttpContext.Current.User == null))
    {
        if (HttpContext.Current.User.Identity.IsAuthenticated)
        {
            if (HttpContext.Current.User.Identity.GetType() == typeof(FormsIdentity))
            {
                FormsIdentity fi = (FormsIdentity) HttpContext.Current.User.Identity;
                FormsAuthenticationTicket fat = fi.Ticket;
                // Roles travel as a |-separated list in the ticket's UserData
                String[] astrRoles = fat.UserData.Split('|');
                HttpContext.Current.User = new GenericPrincipal(fi, astrRoles);
            }
        }
    }
}
```

Create a Web Form named login.aspx, set the style to Flow Layout, and put this onto the page:
In the CodeBehind for login.aspx, put this code:

```csharp
private void btnLogin_Click(object sender, System.EventArgs e)
{
    if (ValidateUser(txtUsername.Text, txtPassword.Text))
    {
        FormsAuthentication.Initialize();
        String strRole = AssignRoles(txtUsername.Text);

        // The AddMinutes determines how long the user will be logged in after leaving
        // the site if he doesn't log off.
        FormsAuthenticationTicket fat = new FormsAuthenticationTicket(1,
            txtUsername.Text, DateTime.Now,
            DateTime.Now.AddMinutes(30), false, strRole,
            FormsAuthentication.FormsCookiePath);
        // The roles are carried in the encrypted ticket, not in a readable cookie value
        Response.Cookies.Add(new HttpCookie(FormsAuthentication.FormsCookieName,
            FormsAuthentication.Encrypt(fat)));
        Response.Redirect(FormsAuthentication.GetRedirectUrl(txtUsername.Text, false));
    }
    else
        lblError.Visible = true;
}

private Boolean ValidateUser(String strUsername, String strPassword)
{
    // Return true if the username and password are valid, false if they aren't.
    // Placeholder check: replace it with a lookup against the real user store.
    return ((strUsername == "admin") && (strPassword == "password"));
}

private String AssignRoles(String strUsername)
{
    // Return a | separated list of roles this user is a member of
    if (strUsername == "admin")
        return "bigboss|wimpyuser";
    else
        return String.Empty;
}
```

The logout.aspx page should have this on it:

```html
<table width="100%">
    <tr>
        <td align="middle">
            You have been logged out.
            <asp:hyperlink id="hlLogin" runat="server"
                navigateurl="default.aspx">Log back in.</asp:hyperlink>
        </td>
    </tr>
</table>
```

The CodeBehind for the logout page should include this:

```csharp
Session.Abandon();
FormsAuthentication.SignOut();
```

You can put things that are only allowable to certain roles on your web page by using code like this:

```csharp
hlAdmin.Visible = Page.User.IsInRole("bigboss");
```
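
An added example, not code from any poster in this thread: it applies the `GenericPrincipal` technique above to the Windows Authentication setup described in the question and enforces the role on the server for each page, because a hidden menu tab does not stop a visitor from requesting the page URL directly. The `LookupDivisionRoles` helper, the sample accounts, the `Visitor` role name and the `DivisionPage` base class are assumptions made for illustration.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Principal;
using System.Web;
using System.Web.UI;

public class Global : HttpApplication
{
    // Constructed sample data standing in for the custom user-management tables.
    private static readonly Dictionary<string, string[]> DivisionUsers =
        new Dictionary<string, string[]>(StringComparer.OrdinalIgnoreCase)
        {
            { @"CORP\alice", new[] { "User", "Admin" } },
            { @"CORP\bob",   new[] { "User" } }
        };

    // Hypothetical helper: any account the division does not know is a Visitor.
    private static string[] LookupDivisionRoles(string account)
    {
        string[] roles;
        return DivisionUsers.TryGetValue(account, out roles) ? roles : new[] { "Visitor" };
    }

    // Runs after Windows Authentication has set the identity for the request.
    protected void Application_PostAuthenticateRequest(object sender, EventArgs e)
    {
        IPrincipal current = HttpContext.Current.User;
        if (current == null || !current.Identity.IsAuthenticated) return;
        // Keep the Windows identity and replace only the role list.
        HttpContext.Current.User = new GenericPrincipal(
            current.Identity, LookupDivisionRoles(current.Identity.Name));
    }
}

// Pages that show division data derive from this class instead of Page.
// Admin-only pages override RequiredRole to return "Admin".
public abstract class DivisionPage : Page
{
    protected virtual string RequiredRole { get { return "User"; } }

    protected override void OnInit(EventArgs e)
    {
        if (!User.IsInRole(RequiredRole))
            throw new HttpException(403, "Forbidden");
        base.OnInit(e);
    }
}
```

The menu control can keep using `IsInRole` to decide which tabs to show; the base class is what actually denies the request when a visitor or an unauthenticated caller asks for a division page.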