Re: User.IsInRole with * wildcard, web.sitemap etc.

From: Alexey Smirnov <alexey.smirnov@xxxxxxxxx>
Date: Tue, 10 Jul 2007 04:56:48 -0700

On Jul 10, 12:51 pm, "Tim Mackey" <tim.mac...@xxxxxxxxxxxxxxxx> wrote:

alexey, dominick, thanks for the reply. perhaps i should clarify.
authorization is already controlled via web.config in as much as possible.
the 'reports.aspx' page is accessible to anyone, as defined in web.config,
however since i am using querystring parameters to refer to stored
procedures, i perform an additional security check to verify the user's
access to the querystring supplied. Since i have fully specified the access
rules in web.sitemap, i am using the roles defined here to decide if the
user should be able to access a certain URL. the example below illustrates:

<sitemapnode Url="reports.aspx?sp=PublicReport1" Roles="*" />
<sitemapnode Url="reports.aspx?sp=PrivateReport1" Roles="Admins" />
<sitemapnode Url="reports.aspx?sp=PrivateReport2" Roles="Admins" />

reports.aspx currently enumerates the roles specified in web.sitemap to
validate the request. i guess i will have to handle the * wildcard role
manually. my scenario is fairly non-standard, i would accept that, although
my reports page is invaluable: it dynamically generates UI controls to match
parameters for any SP, and then binds the results to an enhanced GridView
with built-in excel export etc. (or sends the parameters to a specified
crystal report).

foreach (string role in siteMapNode.Roles)
if (role == "*" || User.IsInRole(role))
return; // OK

.

References:
- Re: User.IsInRole with * wildcard, web.sitemap etc.
  - From: Dominick Baier
- Re: User.IsInRole with * wildcard, web.sitemap etc.
  - From: Tim Mackey

Prev by Date: Re: User.IsInRole with * wildcard, web.sitemap etc.
Next by Date: How do I avoid the App_Data directory?
Previous by thread: Re: User.IsInRole with * wildcard, web.sitemap etc.
Next by thread: Re: Setting up ASP.NET Configuration in Visual Studio 2005
Index(es):
- Date
- Thread

Relevant Pages

Re: RADiest Client for SQL Server
... > So were they MDB front ends or ADP front ends? ... Access starts off with all functionality and you have to find ways to ... The controls look like real windows controls, ... probably need to purchase Active Reports or Crystal Reports to have ...
(microsoft.public.sqlserver.msde)
Re: RADiest Client for SQL Server
... > So were they MDB front ends or ADP front ends? ... Access starts off with all functionality and you have to find ways to ... The controls look like real windows controls, ... probably need to purchase Active Reports or Crystal Reports to have ...
(microsoft.public.sqlserver.server)
Re: RADiest Client for SQL Server
... > So were they MDB front ends or ADP front ends? ... Access starts off with all functionality and you have to find ways to ... The controls look like real windows controls, ... probably need to purchase Active Reports or Crystal Reports to have ...
(microsoft.public.sqlserver.programming)
Re: RADiest Client for SQL Server
... > So were they MDB front ends or ADP front ends? ... Access starts off with all functionality and you have to find ways to ... The controls look like real windows controls, ... probably need to purchase Active Reports or Crystal Reports to have ...
(microsoft.public.sqlserver.clients)
Re: RADiest Client for SQL Server
... > So were they MDB front ends or ADP front ends? ... Access starts off with all functionality and you have to find ways to ... The controls look like real windows controls, ... probably need to purchase Active Reports or Crystal Reports to have ...
(microsoft.public.sqlserver)