Roles question

Steven Blair

I am writing an application using the ASP.NET Configuration Roles and
Users.

The problem I have, in my C# I need to work out which type of user just
logged in. I am currently using:

string[] role = Roles.GetRolesForUser();

This gives me a string "Administrator" etc.

My C# code looks like this:

switch (userType)
{
    case "Administrator":
        // Do something
        break;

    // and so on...
}

Has anyone come up with a better way for doing this?

The problems I see with this, if the Role is renamed (would be deleted
and recreated to be called "Admin", for example) or a new Role is added.

Any help / advice on this would be appreciated.

Regards,

Steven
 
Nicholas Paldino [.NET/C# MVP]

Steven,

Do you allow more than one role per person? If you do, then you need to
account for that, and a switch statement won't handle that.

If the role is renamed, then you have to change your code. I mean,
there has to be some level of consistency somewhere.

If you want, you should define aliases for your roles that you will
always use, that are linked to whatever descriptive names you give them.
However, if you use code based security, it doesn't really help, since the
name of your role has to match with the role that you specify in the
attribute.

Hope this helps.
 
Steven Blair

Yes a user can belong to more than one group.

Is there an alternative to using code based security, or am I gonna have
to accept a trade off?

I do take your point on board regarding users belonging to more than one
group. I might revisit this and simply setup one user with one role.

Regards,

Steven
 
Nicholas Paldino [.NET/C# MVP]

Steven,

There are alternatives, but honestly, why use them when it is baked into
the framework? It's kind of foolish to try and write your own code which
you have to test, debug, maintain, blah, blah, blah.

And even if you don't use role-based security, the issue still remains,
your code isn't psychic. It can't tell if you add new roles which have
specific meanings unless you tell it so.
 
Steven Blair

Maybe I am missing something here.

I want to avoid re-inventing the wheel. Ideally, I want to use the
inbuilt security features completely.

My application allows different users varied access on my app, which is
great. But, the problem is, if "Role1" logs in, I need to filter some
data being returned. If "Role" logs in, same again, some filter on the
data.

Is this possible using only the inbuilt security features, or do I have
to add some C# code to cater for problems like this?

My feeling is that code is required on top of the Roles for my
particular problem, and if that's the case, was looking for suggestions
on how to make this as easy as possible.

Thanks again for the help.

Regards,

Steven
 
Nicholas Paldino [.NET/C# MVP]

Steven,


Yes, you will need to use some code, but not that much.

You basically do what you have to do. However, your original question
was about what to do when you change the names of the roles, which is what
most of my responses have been referring to.

Basically, you get the roles, and can check what to return based on
those roles. However, the framework will handle the assigning of the roles
for you (in ASP.NET configuration roles), so you shouldn't have to worry
about that part.

What you ^could^ do is have your functions that return data marked with
the PrincipalPermission attribute. You can specify the roles that are
allowed to access the function, and if someone tries to access the function
and is not in the role, then a SecurityException will be thrown.

This would require you to split your functions out into more intricate
groups, but would make security easy.
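
Added example (not from the thread or its participants): a .NET Framework console program showing the two suggestions above together, role-name aliases kept in one place and data functions guarded with PrincipalPermission. The AppRoles and Orders types, the "Sales" role and the sample data are assumptions; a GenericPrincipal stands in for the principal ASP.NET sets from the role provider.

```csharp
using System;
using System.Security;
using System.Security.Permissions;
using System.Security.Principal;
using System.Threading;

// Hypothetical aliases: the only place to edit if a role is renamed.
static class AppRoles
{
    public const string Admin = "Administrator";
    public const string Sales = "Sales"; // assumed role name
}

static class Orders
{
    // Constructed sample data.
    static readonly string[] All = { "north:1001", "south:1002" };

    // The demand is evaluated against Thread.CurrentPrincipal before the body
    // runs; a caller outside the role gets a SecurityException.
    [PrincipalPermission(SecurityAction.Demand, Role = AppRoles.Admin)]
    public static string[] GetAll() { return (string[])All.Clone(); }

    // Stacked demands are combined as a union: either role is sufficient.
    [PrincipalPermission(SecurityAction.Demand, Role = AppRoles.Admin)]
    [PrincipalPermission(SecurityAction.Demand, Role = AppRoles.Sales)]
    public static string[] GetNorth()
    {
        return Array.FindAll(All, o => o.StartsWith("north:", StringComparison.Ordinal));
    }

    // Filter with IsInRole rather than a switch on one role string, so a user
    // holding several roles is handled; a user with no known role is refused.
    public static string[] ForCurrentUser()
    {
        IPrincipal user = Thread.CurrentPrincipal;
        if (user.IsInRole(AppRoles.Admin)) return GetAll();
        if (user.IsInRole(AppRoles.Sales)) return GetNorth();
        throw new SecurityException("No role grants access to orders.");
    }
}

static class Program
{
    static void Main()
    {
        // Constructed principal holding only the Sales role.
        Thread.CurrentPrincipal = new GenericPrincipal(
            new GenericIdentity("alice"), new[] { AppRoles.Sales });
        Console.WriteLine(string.Join(", ", Orders.ForCurrentUser()));
        try { Orders.GetAll(); }
        catch (SecurityException) { Console.WriteLine("GetAll denied"); }
    }
}
```

The attribute arguments must be compile-time constants, which is why the aliases are `const` strings; a rename in the role store still requires changing AppRoles and recompiling.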
 
