Dynamic page security authorization?

[Craig Vedur]

Hey,

My client wants to implement some sort of dynamic location role-based
security rule for a web app. Normally, in my web.config, I define the
location authorization rules such as:

<location path="WebForm.aspx">
<system.web>
<authorization><allow roles="Employee" /></authorization>
</system.web>
</location>

However, he wants to build an admin page that will keep track of pages and
role access in a database.

How can you implement this sort of 'dynmaic page authorization'? Obviously,
I can't define the rules in the web.config anymore.

Anybody have any ideas? Is it possible to add these rules at runtime?
Thanks

 

[Pat]

Craig you could have a folder called Admin and under the Admin folder add
the neccesary (aspx)files you want to protect.
And later apply the neccesary Authorization.
Hope that helps
Look at this article at:- http://dotnetbips.com/displayarticle.aspx?id=117
Patrick

 

[Dominick Baier [DevelopMentor]]

Hello Craig,

the Authorize_Request event in the HttpPipeline is what you are looking for.
Here you get information like the identity of the user, his role memberships
and the requested resource. You can dynamically determine if the use is authorized
and cancel the request/pass back 401 if you like.