How to restrict user access in ASP.NET website using ASP.NET Menu ? Samples and examples

Description:
Initially I have designed login page to verify user authentication

Screen shot

Server Side


protected void Button1_Click(object sender, EventArgs e)
{
    try
    {
        sqlcon.Open();
        //Check Enter username and password match with database value default i store username "ravi" and password "test123"
        sqlcmd = new SqlCommand("select * from userLogin where usrname='" + TextBox1.Text + "' and pwd='" + TextBox2.Text + "'", sqlcon);
        da = new SqlDataAdapter(sqlcmd);
        dt.Clear();
        da.Fill(dt);
        if (dt.Rows.Count > 0)
        {
            /*If user entered detailed match then exection come into this block we need to assign user name in Session 
             because we can access the session value in any other page in the same web site*/
            Session["loginuser"] = TextBox1.Text;
            //Afetr Assign session value redirect to home page
            Response.Redirect("Default2.aspx");
        }
        else
        {
            TextBox1.Text = "";
            TextBox2.Text = "";
            Page.RegisterClientScriptBlock("Alert Message", "<script type='text/javascript'>alert('Invalid Login Details!')</script>");
        }
    }
    catch (Exception ex)
    {
        Response.Write(ex.ToString());
    }
    finally
    {
        sqlcon.Close();
    }
}

I have create ASP.NET Menu control like this


<%@ Control Language="C#" AutoEventWireup="true" CodeFile="Menu.ascx.cs" Inherits="Menu" %>

<%--IE8 Issue fix code--%>
<style type="text/css">
    .IE8Fix{z-index: 1000;}
</style>

<%--Below line is static header  menu --%>
<asp:Menu ID="Menu1" runat="server" Orientation="Horizontal" Width="400" StaticEnableDefaultPopOutImage="false"
    BackColor="#B9014A" OnMenuItemClick="Menu1_MenuItemClick">
    
    <%--To Set Font Style, Border color, Border with extra of your static menuitem (Top menu row) in below line--%>
    <StaticMenuItemStyle Font-Names="Arial black" Font-Size="10px" Height="30px" ForeColor="#ffffff" />
    
    <%--To Set Top menu row handover style in below line--%>
    <%--<StaticHoverStyle BackColor="#023178" ForeColor="#ffffff" />--%>
    
    <%--To Set Font Style, Border color, Border with extra of your Dynamic menuitem (drop down menu) in below line--%>
    <DynamicMenuItemStyle Font-Names="Arial black" Font-Size="10px" HorizontalPadding="5px"
        VerticalPadding="2px" Height="25px" BackColor="#955870" ForeColor="White" 
        Font-Bold="False"
        Width="200" />
        
    <DynamicMenuStyle BackColor="#1D3F6C" ForeColor="White" CssClass="IE8Fix"/>
        
        
    <%--To set Drop down menu item handover style in below line--%>
    <DynamicHoverStyle BackColor="#FFFFFF" ForeColor="#040818" Width="100%" />
    
    <%--Specify below what are the menu show in menu control--%>
    <Items>
        <asp:MenuItem Text="File" Value="File">
            <asp:MenuItem Text="New" Value="New" Enabled="false"></asp:MenuItem>
            <asp:MenuItem Text="Open" Value="Open" Enabled="false"></asp:MenuItem>
        </asp:MenuItem>
        <asp:MenuItem Text="Edit" Value="Edit">
            <asp:MenuItem Text="Copy" Value="Copy" Enabled="false"></asp:MenuItem>
            <asp:MenuItem Text="Paste" Value="Paste" Enabled="false"></asp:MenuItem>
        </asp:MenuItem>
    </Items>    
</asp:Menu>

Menu Control server side code


using System.Data;
using System.Configuration;
using System.Data.SqlClient;

public partial class Menu : System.Web.UI.UserControl
{
    SqlConnection sqlcon = new SqlConnection(ConfigurationManager.ConnectionStrings["Con"].ConnectionString);
    SqlCommand sqlcmd = new SqlCommand();
    SqlDataAdapter da = new SqlDataAdapter();
    DataTable dt = new DataTable();
    DataRow dr;

    protected void Page_Load(object sender, EventArgs e)
    {
        if (!Page.IsPostBack)
        {
            //Get waht are the access pages for login user using session value
            sqlcon.Open();
            SqlCommand sqlcmd = new SqlCommand("select * from usrrestrict where uid='" + Session["loginuser"].ToString() + "'",sqlcon);
            da = new SqlDataAdapter(sqlcmd);
            da.Fill(dt);
            sqlcon.Close();
            string accpage = "";

            if (dt.Rows.Count > 0)
            {
                Session.Remove("accpage");
                //Enble true of each page from the usrrestrict table
                for (int i = 0; i <= dt.Rows.Count - 1; i++)
                {                   
                    
                    dr = dt.Rows[i];
                    accpage += dr["accpage"].ToString() + ",";
                    switch (dr["accpage"].ToString())
                    {
                        case "New":
                            Menu1.Items[0].ChildItems[0].Enabled = true;
                            break;
                        case "Open":
                            Menu1.Items[0].ChildItems[1].Enabled = true;
                            break;
                        case "Copy":
                            Menu1.Items[1].ChildItems[0].Enabled = true;
                            break;
                        case "Paste":
                            Menu1.Items[1].ChildItems[1].Enabled = true;
                            break;
                    }
                }
                //Finally Stored it lmited access pages name in the Session because we use this session in each to protect user directly enter url
                Session["accpage"] = accpage;
            }


        }
    }
    protected void Menu1_MenuItemClick(object sender, MenuEventArgs e)
    {

        if (e.Item.Depth.ToString() == "0")
        {
            return;
        }

        switch (e.Item.Value.ToString())
        {
            case "New":
                Response.Redirect("New.aspx");
                break;
            case "Open":
                Response.Redirect("Open.aspx");
                break;
            case "Copy":
                Response.Redirect("Copy.aspx");
                break;
            case "Paste":
                Response.Redirect("Paste.aspx");
                break;
        }

    }
}

That's all here after your ASP.NET Menu automatically enable true or false using database value

Output look like this
Screen shot

Suppose user directly typed not accessible page in that url I protect use this way


protected void Page_Load(object sender, EventArgs e)
{
    Boolean pacess=false;
    if (Session["accpage"] == null)
    {
        Response.Redirect("Default.aspx");
    }
    else
    {
        string[] acright;
        acright=Session["accpage"].ToString().Split(',');
        foreach (string s in acright)
        {
            //Mention below your current page name
            if (s == "New")
            {
                pacess = true;
                break;
            }
        }
    }

    //Check user have rights to access this page
    if (pacess == false)
    {
        Response.Redirect("Default.aspx");
    }
}

Unauthorized page error shows like this
Screen shot

Source Code Detail:
Here with I have attached entire source code download it and try to learn ASP.NET Menu restriction.
Front End : ASP.NET
Code Behind : C#

Conclusion:
I hope this article help to know about ASP.NET Menu restriction.

Online Members

How to restrict user access in ASP.NET website using ASP.NET Menu ?

Post Comment:

Email subscription