Authentication – Assigning Permissions to Roles


Now that we’ve assigned roles to our users, we need to assign permissions to the roles.

The easiest way to do this is through the web.config file, which will allow us to control which pages the roles can access.

But how do we control items beyond pages?  For that we’ll need to do a bit of “role your own” coding.

If all you need is to control page access, you just need to put some entries in your web.config file.  While you can control access to one page at a time, I find that segmenting the groups of pages each role needs into their own directories is the easiest way of dealing with page access.

If you do this, all you need is a web.config file in the directory that looks something like this:

<?xml version="1.0" encoding="utf-8"?>
<configuration xmlns="http://schemas.microsoft.com/.NetConfiguration/v2.0">
    <system.web>
        <authorization>
          <allow roles="role1,role2" />
          <deny users="*" />
        </authorization>
    </system.web>
</configuration>

If you need to protect the root of your application, you’ll need to add a similar “authorization” section to the existing web.config file in the application root.

You can get more elaborate if you want to, but the above snippet will handle 99% of the situations you’ll run into where you need role-based authorization.  The rules are evaluated in order and the first match wins, which is why the allow line comes before the deny line.  If you just need to restrict a directory to authenticated users, regardless of the role they are in, remove the <allow roles…> line and change the <deny users="*" /> line to <deny users="?" />.  The * represents ALL users.  The ? represents all users who are not authenticated.

If you need finer-grained control and you want it to be dynamic, you’ll need to create a table or a set of tables that define those further permissions.  The table might have the following columns:

  • RoleName – Same role name that is registered with .NET authentication
  • PageName – The page they are accessing
  • Columns that represent the various permissions (Add, View, Edit, etc…)

If you need this kind of system, I would recommend that you take a look at DotNetNuke’s code and see how they implemented this. 
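A deny-by-default check against the permissions table described above, as an added example (not code from this post and not DotNetNuke’s implementation). The RolePagePermissionRow type, the PagePermission enum, the page paths and the in-memory rows are hypothetical stand-ins for the database table.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Principal;

[Flags]
enum PagePermission { None = 0, View = 1, Add = 2, Edit = 4 }

// One row of the hypothetical permissions table (RoleName, PageName, permission columns).
sealed class RolePagePermissionRow
{
    public string RoleName;
    public string PageName;
    public PagePermission Granted;
}

static class PagePermissionCheck
{
    // Constructed sample rows; a real application would load these from the database.
    static readonly List<RolePagePermissionRow> Rows = new List<RolePagePermissionRow>
    {
        new RolePagePermissionRow { RoleName = "role1", PageName = "~/Orders/Edit.aspx",
                                    Granted = PagePermission.View | PagePermission.Edit },
        new RolePagePermissionRow { RoleName = "role2", PageName = "~/Orders/Edit.aspx",
                                    Granted = PagePermission.View },
    };

    // Deny by default: anonymous users, unknown pages and missing rows all return false.
    // Permissions from every role the user holds are combined before the comparison.
    public static bool IsAllowed(IPrincipal user, string pageName, PagePermission wanted)
    {
        if (user == null || !user.Identity.IsAuthenticated || wanted == PagePermission.None)
            return false;
        PagePermission granted = PagePermission.None;
        foreach (RolePagePermissionRow row in Rows)
        {
            if (string.Equals(row.PageName, pageName, StringComparison.OrdinalIgnoreCase)
                && user.IsInRole(row.RoleName))
                granted |= row.Granted;
        }
        return (granted & wanted) == wanted;
    }

    static void Main()
    {
        // Constructed user who is only in role2.
        IPrincipal clerk = new GenericPrincipal(new GenericIdentity("clerk"), new[] { "role2" });
        Console.WriteLine(IsAllowed(clerk, "~/Orders/Edit.aspx", PagePermission.View));
        Console.WriteLine(IsAllowed(clerk, "~/Orders/Edit.aspx", PagePermission.Edit));
        Console.WriteLine(IsAllowed(clerk, "~/Admin/Users.aspx", PagePermission.View));
    }
}
```

In a page, the same call would take Context.User and run on the server before the action is performed, not only when deciding whether to show a button.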

  • http://www.bubriski.com John Bubriski

    Another option would be to create base pages that handle the security for each section, in the case that your directory structure does not mirror your permissions hierarchy.