Last post Apr 29, 2011 01:40 PM by anas
Apr 29, 2011 04:46 AM|DrZ3D|LINK
i'm using framework 4 asp.net webform vs 2010
i want to create a website that will generate some pages from database and each page will have some access roles. that's because i can't use web.config file to Authorize the pages.
all i know is i have write a module to handel it and the orginal module that tack care of this situation is UrlAuthorizationModule and it implements from base class IHttpModule and it's not inheritable
can you please let me know where can i find some information about how can i write this module ? or can you point me in right direction?
Apr 29, 2011 01:40 PM|anas|LINK
Basically, you will need to handle one of the httpmodule events(probably the Authenticate_Request event) and then check if the current logged in user roles is in the list of allowed roles for the requested page.
Maybe you can keep using the standard urlauthorization module for the rest of the pages, and handle the dynamic pages only in your new module.
So if you have a page template that will be used to render the pages from database, you could then check if the request is for that page and then you write your custom code:
Here is an example:
public class DynamicPagesAuthorizationModule : IHttpModule
public void Init(HttpApplication context)
context.AuthenticateRequest += new EventHandler(context_AuthenticateRequest);
void context_AuthenticateRequest(object sender, EventArgs e)
string requestPath = Path.GetFileName(HttpContext.Current.Request.Path).ToLower();
if (Path.GetExtension(requestPath).ToLower()==".aspx" && requestPath.Equals("PageViewer.aspx",StringComparison.CurrentCultureIgnoreCase))
//if there is a page id in the query string, we do the check
// Here you can get the list of security roles that are permitted to access the page.
//Get current user roles.
//check if the user has at least one role in the lsit of permitted roles.
//if(user roles is not in the list of permitted roles)
// the user is not allowed to access the requested page.
//we redirect the user to access denied page.
#region IHttpModule Members
public void Dispose()