N
Nathan
I've spent a good part of the afternoon searching Google and the newsgroups
for some sort of answer - so I apologize if I'm asking something that has
already been asked and answered.
I'm using ASP.Net 1.1 (unfortunately 2.0 isn't an option right now) and I'm
working on the design of a security framework for other developers in our
organization to use.
We have a handful of different types of users that are contained in an enum
called UserTypes. I'm trying to find a way to specify at a page level what
types of users can view a given page - basically to prevent someone from
authenticating and they typing a url to a place they shouldn't be.
The thought I had today was that it would be really cool if I could define a
custom attribute that used our UserTypes enum to let developers easily tag
each page with the allowed user types. I thought that I could then write
"something" (HTTP Handler, Module, etc) to pull the user out of the Context,
interrogate the page being requested for it's attribute and then send the
user to their home page if the request is invalid.
The problem I'm having is figuring out how to write that "something" - a
Module doesn't seem like it's going to work because it sits in the stream
before the handler for Page is even created. I'm thinking a module might
work, but I'm not sure how to pull that off, and, I'm not sure that I want
to load the page twice.
So... if anyone can give me a nudge in the right direction, I would really
appreciate it. Or - if someone has a better idea on how to accomplish what
I'm trying to do, that would be cool too. Is this a bad idea?
Thanks in advance,
Nathan
for some sort of answer - so I apologize if I'm asking something that has
already been asked and answered.
I'm using ASP.Net 1.1 (unfortunately 2.0 isn't an option right now) and I'm
working on the design of a security framework for other developers in our
organization to use.
We have a handful of different types of users that are contained in an enum
called UserTypes. I'm trying to find a way to specify at a page level what
types of users can view a given page - basically to prevent someone from
authenticating and they typing a url to a place they shouldn't be.
The thought I had today was that it would be really cool if I could define a
custom attribute that used our UserTypes enum to let developers easily tag
each page with the allowed user types. I thought that I could then write
"something" (HTTP Handler, Module, etc) to pull the user out of the Context,
interrogate the page being requested for it's attribute and then send the
user to their home page if the request is invalid.
The problem I'm having is figuring out how to write that "something" - a
Module doesn't seem like it's going to work because it sits in the stream
before the handler for Page is even created. I'm thinking a module might
work, but I'm not sure how to pull that off, and, I'm not sure that I want
to load the page twice.
So... if anyone can give me a nudge in the right direction, I would really
appreciate it. Or - if someone has a better idea on how to accomplish what
I'm trying to do, that would be cool too. Is this a bad idea?
Thanks in advance,
Nathan