In asp.net webfrom Is it possible to get the name of the event handler witch will be used to handle the user request using HttpModule:
ex if the user click a button btn i would like to get btn_Click as the name of the event handler. That way i can restrict him if he is not allowed to do such action
Asked
Active
Viewed 471 times
-1
anouar.bagari
- 2,084
- 19
- 30
-
You should make it clear which are the events you want to subscribe. HttpModule can give you some but not all. – Lex Li Jun 02 '12 at 13:46
-
@LexLi i was not enough clare take a look now, i edited my post – anouar.bagari Jun 02 '12 at 14:00
1 Answers
0
Your way of solving the permissions problem is over complicated. There are more standart ways to decide whether a user can execute an action or not, such as writing the suitable logic in the event handlers themselves, not rendering the controls to un-authorized users, and using attributes to limit who can execute your methods, based on his permissions.
This article describes it from all the possible points of view
Your implementation is also possible, and checking that a button was clicked should be enough (why do you care for the event handler? you only need to know the button was clicked, and you can get this informatin from the underlying Request object), however this is really an overkill for a standart task in ASP.NET
YavgenyP
- 2,113
- 14
- 11
-
My actual implementation is based on page filtering i intercept the requested page and look in a set of tables if the user has permission to acces that page or not, doing so, roles or users name are not harde coded, and this way we let the application administrator create new roles and users without making any change in the source code. now i want to have fine grained control by allowing the admin to chose witch action can be exectuted. – anouar.bagari Jun 02 '12 at 14:43
-
yet, my claim stands still. Your way of solving this (by trying to find the event handler) is over complicated. You dont need the event handler, you can check the [event target parameter](http://stackoverflow.com/a/3509755/1394380) to see who caused the postback, and then to add some variable to request which will informt the page it shouldnt execute the event handler, or return anything you wish via the authorize event of the http module. – YavgenyP Jun 02 '12 at 14:53
-
Getting the name of how caused the postback will work fine,but is it possible to do it in HttpModule level so i can map all controls name to actions (delete, add, update..) in a table and filter theme without duplicating the validation code in each event handler – anouar.bagari Jun 02 '12 at 15:17
-
HttpModule will give you only limited information. Look at the link i provided at the comment above. It has 2-3 different ways to get the postbacking control within the page (httpmodule is not aware of controls and therefor will be more limited in this sense). You can create a base page for all of ur pages, and run the provide method there within page_load, to decide what to do. You can adapt the methods provided in the link to query the request within an http module, if you insist. Just iterate through the Request object and look up your controls names to see who caused the postback – YavgenyP Jun 02 '12 at 15:36