1

I have following logic in Admin screen. I need similar logic in Logs screen also. Hence I am planning to move this logic into base page. In base page, how do I recognize the current page? (How do I distinguish between Admin screen and Logs screen?).

Based on the page the value retrieved from the config is different.

What are the different ways to achieve this? What is the best way out of these approaches?

        //Admin Screen
        List<string> authorizedRoles = new List<string>((ConfigurationManager.AppSettings["AdminScreenRoles"]).Split(','))
        if (!authorizedRoles.Contains(userRole))
        {
            Response.Redirect("UnauthorizedPage.aspx");
        }

    //Logs Screen   
        List<string> authorizedRoles = new List<string>((ConfigurationManager.AppSettings["LogsScreenRoles"]).Split(','))
        if (!authorizedRoles.Contains(userRole))
        {
            Response.Redirect("UnauthorizedPage.aspx");
        }
LCJ
  • 22,196
  • 67
  • 260
  • 418

2 Answers2

2

Don't put code in base that recognize the class that inherit it. Add an abstract property that the child will have to override. In base:

public abstract string AppSettingsRolesName { get; }

List<string> authorizedRoles = new List<string>((ConfigurationManager.AppSettings[AppSettingsRolesName]).Split(','))
if (!authorizedRoles.Contains(userRole))
{
    Response.Redirect("UnauthorizedPage.aspx");
}

In Logs:

public override string AppSettingsRolesName 
{
   get { return "LogsScreenRoles"; }
}

In Admin:

public override string AppSettingsRolesName 
{
   get { return "AdminScreenRoles"; }
}
Amiram Korach
  • 13,056
  • 3
  • 28
  • 30
0

The easiest way would be to look into forms authentication, as it will handle all of this for you through a configuration file. There are a number of good articles on this dotted around the web - here's one:

http://ondotnet.com/pub/a/dotnet/2003/01/06/formsauthp1.html

However, if you're looking for a quick fix, the easiest way is to move your code into the base page as you said, and use an interface property to make inherited pages indicate what role type to use - e.g. something along the lines of:

public abstract class BasePage : Page
{
    protected abstract string AuthorisedRoles { get; }

    protected override void  OnLoad(EventArgs e)
    {
        base.OnLoad(e);

        List<string> authorizedRoles = new List<string>((ConfigurationManager.AppSettings[this.AuthorisedRoles]).Split(','));
        if (!authorizedRoles.Contains(userRole))
        {
            Response.Redirect("UnauthorizedPage.aspx");
        }
    }
}

public class LogsPage : BasePage
{
    protected override string AuthorisedRoles
    {
        get { return "LogsScreenRoles"; }
    }
}

public class AdminPagePage : BasePage
{
    protected override string AuthorisedRoles
    {
        get { return "AdminScreenRoles"; }
    }
}

But seriously, look into forms authentication if you want to do it properly - it's not as complicated as it first looks.

bittenbytailfly
  • 233
  • 1
  • 7