I've specified verbs for roles in web.config. This works fine, the role observer is redirected to login page if the role tries to post in page Test.aspx. Example:
<location path="Test1.aspx">
<system.web>
<authorization>
<allow roles="Administrator" />
<allow roles="Observer" verbs="GET" />
<deny users="*"/>
</authorization>
</system.web>
</location>
<location path="Test2.aspx">
<system.web>
<authorization>
<allow roles="Administrator" />
<allow roles="Observer" />
<deny users="*"/>
</authorization>
</system.web>
</location>
But this is a bit confusing for the user when trying to POST in page Test.aspx. I want to inform the user that he/she is not allowed to post before actually clicking anything. Something like this:
Protected Sub Page_Load(ByVal sender As Object, ByVal e As System.EventArgs) Handles Me.Load
If *Not User.Role("Observer").Verbs("Post").Allowed* then
uiSave.enabled = false
End if
End Sub
So, the question is: Where can I access this information?
Use:
Example here
You wont need to check the Verb because you already know that users in the Observer role do not permission to usethe Post verb