0

ASP.NET C#

I have a question, how can I make an access control to a request provided by a botton, to stop the execution of the function, I need something generic in which it can be configured and say that roles or profiles can access to certain functions request Executed by a button.

I don't want something like that

 protected void DownloadFile_ServerClick(object sender, EventArgs e)
 {
     if (RoleAdmin)
       {
         // do something
       }
 }

I need something that directly validates in the request of the pag when the method is executed, to see if that profile matches with the method stored in the base, so I do for all pag and do not have to put it in hard in each one of the executed methods.

I need the name of fucntion that is request.

public class PageBase : Page
{

 protected override void OnLoad(EventArgs e)
    {


        ***How to capture the function name of request ???***

        if (User.Identity.IsAuthenticated == false) { Response.Redirect("~/Account/login.aspx?ReturnUrl=/admin"); };
        if (!(User.IsInRole("admin") || User.IsInRole("super user"))) { Response.Redirect("/"); };

    }
}
luciano cba
  • 185
  • 2
  • 13

1 Answers1

0

Maybe with this:

public class StaticObjects
{
    public static string UserRole  
    { 
        get
        {
            try
            {
                return (string)HttpContext.Current.Session["UserRole"];
            }
            catch (Exception)
            {
                return "";
            }
        }
        set
        {
            HttpContext.Current.Session["UserRole"]=value;
        }
    }

    public static bool AuthorizeExecution(EventHandler method)
    {
        bool autorized = YourDataBaseQuery(UserRole, method.Method.Name);
        return autorized;
    }
 }
    ////////////////////////////// ANOTHER FILE ///////////////// 
    public static void DownloadFile_ServerClick(object sender, EventArgs e)
    {
        //You send the method itself because it fits the delegate "EventHandler"
        if(!StaticObjects.AuthorizeExecution(DownloadFile_ServerClick))
            return;
    }
Crabax
  • 36
  • 5
  • Yes but you need to put if(!StaticObjects.AuthorizeExecution(DownloadFile_ServerClick)) in the all function that you need to do this. – luciano cba Jan 05 '17 at 15:10
  • I was searching and I found in the PageBase the function "protected override void OnLoad(EventArgs e)", Is called whenever a request is executed. I need to know how I can catch the name of function that is executed on the request to do the control here. This will prevent you from having to place control code in the event functions – luciano cba Jan 05 '17 at 15:12
  • If you have strong naming conventions for your buttons, this type of thing should work http://stackoverflow.com/questions/3175513/on-postback-how-can-i-check-which-control-cause-postback-in-page-init-event – Seano666 Jan 05 '17 at 17:32