I've been combing through Google trying to find the answer but not luck.

I'm using Forms authentication. Determining what Roles the current user is
in was the easy part (User.IsInRole). But how does one determine what Roles
are permitted to use a particular ASPX page? (.NET 2.0, VS05)

On May 31, 9:03 am, "MyndPhlyp" <nob...@homeright.now> wrote:
> I've been combing through Google trying to find the answer but not luck.
>
> I'm using Forms authentication. Determining what Roles the current user is
> in was the easy part (User.IsInRole). But how does one determine what Roles
> are permitted to use a particular ASPX page? (.NET 2.0, VS05)

I've asked the same question some time ago
http://groups.google.com/group/micro...6bd15d86528b2/

"Alexey Smirnov" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> On May 31, 9:03 am, "MyndPhlyp" <nob...@homeright.now> wrote:
> > I've been combing through Google trying to find the answer but not luck.
> >
> > I'm using Forms authentication. Determining what Roles the current user
is
> > in was the easy part (User.IsInRole). But how does one determine what
Roles
> > are permitted to use a particular ASPX page? (.NET 2.0, VS05)
>
> I've asked the same question some time ago
>
http://groups.google.com/group/micro...6bd15d86528b2/
>

We appear to be on a parallel path. (thanks for the corrective posting in
the other NG.) I noticed WebConfigurationManager before prowling through
Google and the NGs. I too am understandably resistant to that approach.
Seems as though the desired method should be available. After all, what
method does .NET call to determine a user's ability, or lack thereof, to
access a page?

As Alexey was implying in the post in the link that was included, parsing
the web.sitemap might be a way to do that. If you include the roles tag for
you pages, you can determine the roles that are allowed for a giving page.
It's a pain but it's a way to do it. You can use the HTTPConext to get at
the current user.

HTH
S

"MyndPhlyp" <(E-Mail Removed)> wrote in message
news:%(E-Mail Removed)...
>
> "Alexey Smirnov" <(E-Mail Removed)> wrote in message
> news:(E-Mail Removed)...
>> On May 31, 9:03 am, "MyndPhlyp" <nob...@homeright.now> wrote:
>> > I've been combing through Google trying to find the answer but not
>> > luck.
>> >
>> > I'm using Forms authentication. Determining what Roles the current user
> is
>> > in was the easy part (User.IsInRole). But how does one determine what
> Roles
>> > are permitted to use a particular ASPX page? (.NET 2.0, VS05)
>>
>> I've asked the same question some time ago
>>
> http://groups.google.com/group/micro...6bd15d86528b2/
>>
>
> We appear to be on a parallel path. (thanks for the corrective posting in
> the other NG.) I noticed WebConfigurationManager before prowling through
> Google and the NGs. I too am understandably resistant to that approach.
> Seems as though the desired method should be available. After all, what
> method does .NET call to determine a user's ability, or lack thereof, to
> access a page?
>
>

On May 31, 10:33 pm, "SAL" <S...@NoNo.com> wrote:
> As Alexey was implying in the post in the link that was included, parsing
> the web.sitemap might be a way to do that. If you include the roles tag for
> you pages, you can determine the roles that are allowed for a giving page.
> It's a pain but it's a way to do it. You can use the HTTPConext to get at
> the current user.

using System.Web.Configuration;

Configuration config =
WebConfigurationManager.OpenWebConfiguration(url);
AuthorizationSection configSection =
(AuthorizationSection)config.GetSection("system.web/authorization");
AuthorizationRuleCollection rules = configSection.Rules;

CommaDelimitedStringCollection allowed = new
CommaDelimitedStringCollection();
CommaDelimitedStringCollection denied = new
CommaDelimitedStringCollection();

for (int i = 0; i < rules.Count; i++)
{
if (rules[i].Roles.Count > 0)
{
if (rules[i].Action.ToString() == "Allow")
allowed.AddRange(rules[i].Roles.ToString().Split(','));
else if (rules[i].Action.ToString() == "Deny")
denied.AddRange(rules[i].Roles.ToString().Split(','));
}
}

Response.Write("Allowed Roles: " + allowed.ToString());
Response.Write("<br />");
Response.Write("Denied Roles: " + denied.ToString());

Note, the url value can be a path to a directory, like "/admin", or a
path to the file, like "/admin/default.aspx". To find if roleName
"IsInRoles", simply use the Contains() method, e.g.
allowed.Contains("roleName").

Enjoy.

Nice.

S

"Alexey Smirnov" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> On May 31, 10:33 pm, "SAL" <S...@NoNo.com> wrote:
>> As Alexey was implying in the post in the link that was included, parsing
>> the web.sitemap might be a way to do that. If you include the roles tag
>> for
>> you pages, you can determine the roles that are allowed for a giving
>> page.
>> It's a pain but it's a way to do it. You can use the HTTPConext to get at
>> the current user.
>
> using System.Web.Configuration;
>
> Configuration config =
> WebConfigurationManager.OpenWebConfiguration(url);
> AuthorizationSection configSection =
> (AuthorizationSection)config.GetSection("system.web/authorization");
> AuthorizationRuleCollection rules = configSection.Rules;
>
> CommaDelimitedStringCollection allowed = new
> CommaDelimitedStringCollection();
> CommaDelimitedStringCollection denied = new
> CommaDelimitedStringCollection();
>
> for (int i = 0; i < rules.Count; i++)
> {
> if (rules[i].Roles.Count > 0)
> {
> if (rules[i].Action.ToString() == "Allow")
> allowed.AddRange(rules[i].Roles.ToString().Split(','));
> else if (rules[i].Action.ToString() == "Deny")
> denied.AddRange(rules[i].Roles.ToString().Split(','));
> }
> }
>
> Response.Write("Allowed Roles: " + allowed.ToString());
> Response.Write("<br />");
> Response.Write("Denied Roles: " + denied.ToString());
>
> Note, the url value can be a path to a directory, like "/admin", or a
> path to the file, like "/admin/default.aspx". To find if roleName
> "IsInRoles", simply use the Contains() method, e.g.
> allowed.Contains("roleName").
>
> Enjoy.
>

"Alexey Smirnov" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
>
> using System.Web.Configuration;
>
> Configuration config =
> WebConfigurationManager.OpenWebConfiguration(url);
> AuthorizationSection configSection =
> (AuthorizationSection)config.GetSection("system.web/authorization");
> AuthorizationRuleCollection rules = configSection.Rules;
>
> CommaDelimitedStringCollection allowed = new
> CommaDelimitedStringCollection();
> CommaDelimitedStringCollection denied = new
> CommaDelimitedStringCollection();
>
> for (int i = 0; i < rules.Count; i++)
> {
> if (rules[i].Roles.Count > 0)
> {
> if (rules[i].Action.ToString() == "Allow")
> allowed.AddRange(rules[i].Roles.ToString().Split(','));
> else if (rules[i].Action.ToString() == "Deny")
> denied.AddRange(rules[i].Roles.ToString().Split(','));
> }
> }
>
> Response.Write("Allowed Roles: " + allowed.ToString());
> Response.Write("<br />");
> Response.Write("Denied Roles: " + denied.ToString());
>
> Note, the url value can be a path to a directory, like "/admin", or a
> path to the file, like "/admin/default.aspx". To find if roleName
> "IsInRoles", simply use the Contains() method, e.g.
> allowed.Contains("roleName").

Thanks. Maybe some day, roughly around the same time pigs fly and hell
freezes over, M$ will get around to exposing the method and save us the
trouble (and overhead) of parsing out the web.config.

Who would ever have thought anybody would want to send an authenticated user
back to their previous page, rather than a "not allowed" or login page, if
the user is unauthorized to use the requested page?

On Jun 2, 10:10 pm, "MyndPhlyp" <nob...@homeright.now> wrote:
> Who would ever have thought anybody would want to send an authenticated user
> back to their previous page, rather than a "not allowed" or login page, if
> the user is unauthorized to use the requested page?- Hide quoted text -

It has to be checked on the page

if (!User.IsInRole("Manager") {
Response.Redirect("/");
}