I am failing to find good examples of user- and activity-based authorization for my ASP.NET Web Forms site. Currently, I am using user roles in web.config to allow/deny access to pages within folders. But this method is proving to be a nightmare to maintain, especially when users come up with special-case scenarios that completely deviate from existing role permissions.

So I am looking for a way to store and retrieve user access rights from the database and then enforce them on my web site dynamically.

My second problem is how to show/hide certain site master HTML from certain users. I was also thinking of storing this information in the database, so that these rights are also dynamically allocated. Currently, I am hard-coding the hide/show permissions in my site master code-behind by saying:

if (isInRole("Admin"))
{
    // Show everything
}
else
{
    // Hide certain HTML
}

So this approach works currently, but is problematic to maintain and not very flexible.

Finally, I was looking at activity-based authorization, the pros and cons of which were well described in this article: http://ryankirkman.com/2013/01/31/activity-based-authorization.html. So how would I implement that in my ASP.NET Web Forms site?

In conclusion, there are three things I am after:

  1. Dynamically control visibility of HTML elements in my site master page based on user authorization.
  2. Dynamically control user authorization to my aspx pages.
  3. Dynamically control user activity-based authorization.

Any input on this would be highly appreciated. Thank you
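
The three requirements listed above can share one deny-by-default check, sketched here as an added example that is not part of the original post. `Grant`, `ActivityAuthorizer`, the activity names and the sample users are hypothetical, and the in-memory list stands in for a database table.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;

// Hypothetical row of a permissions table: Subject is a user name or a role name.
public sealed class Grant
{
    public string Subject, Activity;
    public bool IsUser, Allow;
}

public sealed class ActivityAuthorizer
{
    private readonly List<Grant> _grants;
    public ActivityAuthorizer(IEnumerable<Grant> grants) { _grants = grants.ToList(); }

    // Deny by default. Rows for the user override role rows (the special cases);
    // within one level an explicit deny wins over an allow.
    public bool Can(string user, IEnumerable<string> roles, string activity)
    {
        var cmp = StringComparer.OrdinalIgnoreCase;
        var rows = _grants.Where(g => cmp.Equals(g.Activity, activity)).ToList();
        var userRows = rows.Where(g => g.IsUser && cmp.Equals(g.Subject, user)).ToList();
        if (userRows.Count > 0) return userRows.All(g => g.Allow);
        var roleRows = rows.Where(g => !g.IsUser && roles.Contains(g.Subject, cmp)).ToList();
        return roleRows.Count > 0 && roleRows.All(g => g.Allow);
    }
}

public static class Demo
{
    public static void Main()
    {
        // Constructed sample rows standing in for the database table.
        var auth = new ActivityAuthorizer(new[] {
            new Grant { Subject = "Admin", Activity = "Reports.View", Allow = true },
            new Grant { Subject = "Clerk", Activity = "Invoices.Edit", Allow = true },
            new Grant { Subject = "bob", IsUser = true, Activity = "Invoices.Edit", Allow = false },
            new Grant { Subject = "carol", IsUser = true, Activity = "Reports.View", Allow = true },
        });
        // Page_Load of a page would call the same check and return 403 on false;
        // the master page would set someControl.Visible (hypothetical control) from it.
        Console.WriteLine("admin views reports: " + auth.Can("alice", new[] { "Admin" }, "Reports.View"));
        Console.WriteLine("bob (Clerk, user-level deny) edits invoices: " + auth.Can("bob", new[] { "Clerk" }, "Invoices.Edit"));
        Console.WriteLine("carol (no role, user-level allow) views reports: " + auth.Can("carol", new string[0], "Reports.View"));
        Console.WriteLine("unknown activity: " + auth.Can("alice", new[] { "Admin" }, "Users.Delete"));
    }
}
```

Hiding a control only changes what is rendered, so each page and each postback handler still has to run the same check on the server before doing the work.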
