TechQA.

Forms Authentication. Get allowed verb for a role specified in web.config

688 views Asked by At

I've specified verbs for roles in web.config. This works fine, the role observer is redirected to login page if the role tries to post in page Test.aspx. Example:

  <location path="Test1.aspx">
    <system.web>
      <authorization>
        <allow roles="Administrator" />
        <allow roles="Observer" verbs="GET" />
        <deny users="*"/>
      </authorization>
    </system.web>
  </location>

  <location path="Test2.aspx">
    <system.web>
      <authorization>
        <allow roles="Administrator" />
        <allow roles="Observer" />
        <deny users="*"/>
      </authorization>
    </system.web>
  </location>

But this is a bit confusing for the user when trying to POST in page Test.aspx. I want to inform the user that he/she is not allowed to post before actually clicking anything. Something like this:

Protected Sub Page_Load(ByVal sender As Object, ByVal e As System.EventArgs) Handles Me.Load
    If *Not User.Role("Observer").Verbs("Post").Allowed* then
       uiSave.enabled = false
    End if
End Sub

So, the question is: Where can I access this information?

asp.net security authentication http-verbs
Original Q&A
1

There are 1 answers

3
robasta On

Use:

if(User.IsInRole("Observer")){
 //code here
}

Example here

You wont need to check the Verb because you already know that users in the Observer role do not permission to usethe Post verb

Related Questions in ASP.NET

Related Questions in SECURITY

Related Questions in AUTHENTICATION

Related Questions in HTTP-VERBS

Popular Questions

Popular Tags

javascript python java c# php android html jquery c++ css ios sql mysql r reactjs node.js arrays c asp.net json python-3.x ruby-on-rails .net sql-server swift django angular objective-c pandas excel

Trending Questions