Last post Jul 29, 2010 04:22 PM by atconway
Jul 22, 2010 07:11 AM|kaleesice|LINK
I need to implement field level security based on the roles.
I have a page, Employee.aspx. In it I have ten controls.
If I enter in the admin role, I need to show all the controls.
If I enter as a user, I have to show only five controls.
How do I design the application for control-level security?
Please provide a better solution for my requirement.
Jul 22, 2010 07:36 AM|Jonelle|LINK
Wrap named panel controls round the controls you need to secure. Then in your C# code use the syntax
if(Page.User.IsInRole("Admin")) //Or whatever your admin role is.
to check the user's permissions and show/hide the control.
Jul 22, 2010 09:53 AM|nizam133|LINK
You can have the following tables:
1- Objects -- e.g. (Employee, Leave, Appraisal)
2- ObjectOpTypes -- define all possible operations which you will have in your application, e.g. Create/Edit/View
3- Controls -- put the unique ID of each ASP.NET control which you defined on your page
4- ObjectValidOps -- this will tell you which object has which op type (e.g. Employee has create/view/edit operations)
in this table, with each valid operation, put controlID as a column
5- AppRoleAccess (AppRoleAccessID, objectID, objectValidOpID, AppRoleID, Permitbit)
I hope the above database table structure helps. You can write a sproc to fetch permission sets with following
Jul 22, 2010 05:41 PM|Jonelle|LINK
Forgot to mention. You could use the LoginView control to implement this. Try this link;
Jul 28, 2010 05:17 PM|eidand|LINK
Personally I would separate this type of functionality into a normal page and an admin page. It's better to not try to do too much in one page. If you make a mistake and a normal user sees the admin functionality, then it's not good for anyone.
You can have an admin folder with some pages and restrict the access to it via web.config
Jul 29, 2010 04:22 PM|atconway|LINK
I would suggest at a minimum to refactor the code marked in the 1st reply as the answer, rather than having that wrapper code slapped all throughout the UI. That will become messy and difficult to maintain. Upon initializing the page, you could call a SetupPageControls(UserRole As Role) method for example that will show and hide certain controls. This way if you need to make changes, it will be in a centralized location.
It would be ideal if roles granted authorization on a page by page basis, but if you need that granular of control over visibility then use the code provided and refactor it to a central location.
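The centralized approach suggested in the last reply, built on the Page.User.IsInRole check from the first reply, could look like the following. This is an added example, not code from any poster in this thread; the panel IDs, the class name and the "User" role name are assumptions.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Principal;
using System.Web.UI;

// Added example: one central, default-deny map from panel ID to allowed roles.
// Panel IDs and the "User" role name are hypothetical; "Admin" is from the thread.
public static class EmployeePagePolicy
{
    private static readonly Dictionary<string, string[]> AllowedRoles =
        new Dictionary<string, string[]>
        {
            { "pnlBasicDetails", new[] { "Admin", "User" } },
            { "pnlSalary",       new[] { "Admin" } },
        };

    // True only if the panel is listed and the user holds one of its roles.
    public static bool IsAllowed(IPrincipal user, string panelId)
    {
        string[] roles;
        if (user == null || !AllowedRoles.TryGetValue(panelId, out roles))
            return false;
        foreach (string role in roles)
            if (user.IsInRole(role)) return true;
        return false;
    }

    // Call from Page_Load on every request, postbacks included.
    public static void SetupPageControls(Page page)
    {
        foreach (string panelId in AllowedRoles.Keys)
        {
            Control panel = FindRecursive(page, panelId);
            if (panel != null) panel.Visible = IsAllowed(page.User, panelId);
        }
    }

    // Page.FindControl only searches one naming container, so walk the tree.
    private static Control FindRecursive(Control root, string id)
    {
        if (root.ID == id) return root;
        foreach (Control child in root.Controls)
        {
            Control found = FindRecursive(child, id);
            if (found != null) return found;
        }
        return null;
    }
}
```

Call EmployeePagePolicy.SetupPageControls(this) from Page_Load, and have each save handler call IsAllowed for the panel whose fields it writes, so the same rule that hides a field also guards its update.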