Setting role-based access authorization on your web pages in ASP.NET
Now we will look closely at authorization based on the user role in ASP.NET web pages. I have often come across situations where many .NET developers struggle with, and are confused by, setting up role-based authorization on their web pages. This is not a critical task, but this part needs your attention during development.
How to set role-based access authorization on your web pages in ASP.NET
Now we will dig into role-based authorization step by step. Suppose you are developing a web application, you are almost done with the authentication part, and you need to implement page authorization for all the web pages that exist in your application. Once you are logged into the application, whether your authentication is Windows or SQL Server, you have the RoleID.
First you need to define and maintain database tables such as Roles and PageAccess to map the RoleID to the page access ID. Based on the RoleID and the page name, you get the access type from the database and check it on the current web page. The GetPageAccessType method implementation is shown below.
Query the database and get the access type details:
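    // Requires: using System; using System.Linq;
    public int GetPageAccessType(int roleID, string pageName)
    {
        try
        {
            // 0 means no mapping was found; the caller treats it as no access.
            int accessType = 0;

            // Access type mapped to this role and page (page name compared case-insensitively).
            var accessTypes = from item in entitiyContext.PG_ACSS
                              where item.ROL.ROL_ID == roleID
                                    && string.Compare(item.MENU.MENU_TXT, pageName, true) == 0
                              select item.ACSS_TYP.ACSS_TYP_ID;

            // If several rows match, the last one wins.
            foreach (int value in accessTypes)
            {
                accessType = value;
            }
            return accessType;
        }
        catch (Exception ex)
        {
            // On any error, log it and return 0 so that the caller denies access.
            LogHandler.LogError(ex, string.Empty, " UserManagement ", "GetPageAccessType");
            return 0;
        }
    }

Set role-based access to the page: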
In the next step, I call the GetPageAccessType() method above, which returns the page access type. Once I have the page access type, I use a switch statement to check whether the current user has Read, Write or No access for the page.
    private void SetRoleBasedAccess()
    {
        try
        {
            // Pass the current user's role and the name of the current page.
            int pageAccessType = GetPageAccessType(RoleID, "PageName");
            switch (pageAccessType)
            {
                case 1: // Read access
                    SetActionFieldsStatus(false);
                    break;
                case 2: // Write access
                    SetActionFieldsStatus(true);
                    break;
                case 3:  // No access
                default: // Unknown or missing access type: deny as well
                    Server.Transfer("../Pages/NoAccess.aspx", false);
                    break;
            }
        }
        catch (System.Threading.ThreadAbortException)
        {
            // Raised by Server.Transfer when it ends the current page; the runtime
            // rethrows it after this block, so it is not logged as an error.
        }
        catch (Exception ex)
        {
            LogHandler.LogError(ex, USERID, "UserManagement", "SetRoleBasedAccess");
        }
    }

Set the action fields status on the page controls:
Now, based on the access type above, you need to set the mode of the page controls: for read access set ReadOnly=true, for write access set ReadOnly=false, or, if you don't want to show the controls at all, set Visible=false.
SetActionFieldsStatus below is called from SetRoleBasedAccess() above, based on the access type.
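    private void SetActionFieldsStatus(bool status)
    {
        // status == true  (write access): show the action columns.
        // status == false (read access):  hide them.
        gvUserResults.Columns[0].Visible = status;
        gvResults.Columns[1].Visible = status;
        userResults.Columns[0].Visible = status;
        gvUserRoles.Columns[16].Visible = status;
        gvuserModulesData.Columns[5].Visible = status;

        // The field is read-only unless the user has write access.
        txtPhoneNumer.ReadOnly = !status;
    }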
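
The steps above set the state of the page controls; the handlers that save or delete data can apply the same access type on the server before doing any work. The following is an added example, not code from the original article: PageAccess, PageAccessGuard, Resolve, DemandWrite and Demo are hypothetical names, the lookup delegate stands in for GetPageAccessType, and the in-memory table is constructed sample data.

```csharp
using System;
using System.Collections.Generic;

public enum PageAccess { None = 0, Read = 1, Write = 2 }

// Hypothetical helper (not from the article): resolves access once and fails closed.
public static class PageAccessGuard
{
    // Article's IDs: 1 = read, 2 = write, 3 = no access; anything else (including 0) is None.
    public static PageAccess FromAccessType(int accessType)
    {
        switch (accessType)
        {
            case 1: return PageAccess.Read;
            case 2: return PageAccess.Write;
            default: return PageAccess.None;
        }
    }

    // lookup stands in for GetPageAccessType; an exception means no access.
    public static PageAccess Resolve(Func<int, string, int> lookup, int roleId, string pageName)
    {
        try { return FromAccessType(lookup(roleId, pageName)); }
        catch (Exception) { return PageAccess.None; }
    }

    // Call first in every handler that changes data (save, delete, ...).
    public static void DemandWrite(PageAccess access)
    {
        if (access != PageAccess.Write)
            throw new UnauthorizedAccessException("Write access required.");
    }
}

public static class Demo
{
    public static void Main()
    {
        // Constructed sample data standing in for the PG_ACSS mapping table.
        var table = new Dictionary<string, int> { { "1|Users", 2 }, { "2|Users", 1 } };
        Func<int, string, int> lookup = (role, page) => table[role + "|" + page];

        foreach (int role in new[] { 1, 2, 3 }) // role 3 has no mapping row
        {
            PageAccess access = PageAccessGuard.Resolve(lookup, role, "Users");
            try { PageAccessGuard.DemandWrite(access); Console.WriteLine("role {0}: {1}, save allowed", role, access); }
            catch (UnauthorizedAccessException) { Console.WriteLine("role {0}: {1}, save rejected", role, access); }
        }
    }
}
```

In a page, DemandWrite would be the first statement of each button or grid command handler that modifies data, so that the decision does not depend on which controls were rendered.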