Forms Authentication. Get allowed verb for a role specified in web.config

713 views Asked by At

I've specified verbs for roles in web.config. This works fine, the role observer is redirected to login page if the role tries to post in page Test.aspx. Example:

  <location path="Test1.aspx">
    <system.web>
      <authorization>
        <allow roles="Administrator" />
        <allow roles="Observer" verbs="GET" />
        <deny users="*"/>
      </authorization>
    </system.web>
  </location>

  <location path="Test2.aspx">
    <system.web>
      <authorization>
        <allow roles="Administrator" />
        <allow roles="Observer" />
        <deny users="*"/>
      </authorization>
    </system.web>
  </location>

But this is a bit confusing for the user when trying to POST in page Test.aspx. I want to inform the user that he/she is not allowed to post before actually clicking anything. Something like this:

Protected Sub Page_Load(ByVal sender As Object, ByVal e As System.EventArgs) Handles Me.Load
    If *Not User.Role("Observer").Verbs("Post").Allowed* then
       uiSave.enabled = false
    End if
End Sub

So, the question is: Where can I access this information?

1

There are 1 answers

3
robasta On

Use:

if(User.IsInRole("Observer")){
 //code here
}

Example here

You wont need to check the Verb because you already know that users in the Observer role do not permission to usethe Post verb