how can access folder's pages according to roles in c# vs2005 in webconfig

StackOverflow https://stackoverflow.com/questions/14152304

Question

The scenario is :

I am working on role based project in vs2005 and sql server2005. I defined the role in database and added custom role provider. I have two roles like "admin" and "user". I created two folder in project and placed the pages in these folder (admin and user) according to roles. Now I want to add code in web.config for accessing the pages according to roles means admin can see only admin folder pages and user can see only user folder pages.

If I define only one page for admin and one page for user in tag with roles authorization then they work fine. But if I used more than one pages in both folder then I need to define all pages in web.config file for both.

I used location tag like this

<location path="user/userpage1.aspx">
    <system.web>
      <authorization>
        <allow roles="user"/>
        <deny users="*"/>
      </authorization>
    </system.web>
  </location>

Is there any possibility to assign a role for a folder instead of a page in tag. If yes, Please give some valuable ideas to implement this.

Updates I added these two location tags in my web config

<!--allow admin role members-->
  <location path="admin/adminpage1.aspx">
    <system.web>
      <authorization>
        <allow roles="admin"/>
        <deny users="*"/>
      </authorization>
    </system.web>
  </location>
<!--allow user role members-->
  <location path="user/userpage1.aspx">
    <system.web>
      <authorization>
        <allow roles="user"/>
        <deny users="*"/>
      </authorization>
    </system.web>
  </location>
Was it helpful?

Solution

Doesn't the following work for you?

<location path="folder">
    <system.web>
        <authorization>
            <allow roles="user" />
            <deny users="*" />
        </authorization>
    </system.web>
</location>

what works for me in the following configuration:

<location path="Content/Images">
    <system.web>
        <authorization>
            <allow users="*" />
        </authorization>
    </system.web>
</location>
<system.web>
    <authorization>
        <allow roles="Admin,Manager,Client" />
        <deny users="?" />
    </authorization>
</system.web>

allowing anonymous access while in general it's not allowed.

Our you can put in a sub folder a separate location-agnostic Web.config:

<system.web>
    <authorization>
        <allow roles="user" />
        <deny users="*" />
    </authorization>
</system.web>
Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow
scroll top