Hi.
I decided to implement a mechanism of Role Based Access Control using Azman and enhanced controls. I'll give you an example:
[ControlBuilder(typeof(SecuredControlBuilder))]
public class SecureLinkButton : LinkButton
{
[
Category("General"),
DefaultValue("*"),
Description("The roles for which the control is visible.")
]
public virtual string Roles
{
get
{
string s = (string)ViewState["Roles"];
return (s == null) ? "*" : s;
}
set
{
ViewState["Roles"] = value;
}
}
}
My control builder is the following:
public class SecuredControlBuilder : ControlBuilder
{
private bool _isInRole = false;
public override void Init(TemplateParser parser, ControlBuilder parentBuilder, Type type, string tagName, string id, IDictionary attribs)
{
if (attribs != null && attribs["Roles"] != null)
{
if (attribs["Roles"].ToString() == "*" || HttpContext.Current.User.IsInRole(attribs["Roles"].ToString()))
_isInRole = true;
else _isInRole = false;
}
else
_isInRole = true;
if (_isInRole)
base.Init(parser, parentBuilder, type, tagName, id, attribs);
else
{
attribs = new Dictionary<object, object>(1);
attribs.Add("Visible", false);
base.Init(parser, parentBuilder, type, tagName, id, attribs);
}
}
}So, for all those that do not have the role assigned to the control, the control is not visible and the user cannot perform operations that he is not allowed to. Problem appears when using the control in a page. Whenever I assign a role to the control, I am given the following warning: Warning 1 Generation of designer file failed: Object reference not set to an instance of an object. In designer, it tells me "Error rendering control - test. An unhandled exception has occured. Object reference not set to an instance of an object."
This puzzles me.
![]() |
0 |
![]() |
Hi,
Before answering your question may I ask why you need to do so instead of using the LoginView?
http://quickstarts.asp.net/QuickStartv20/aspnet/doc/ctrlref/login/loginview.aspx
Sincerely,
Allen Chen
Microsoft Online Community Support
Please remember to mark the replies as answers if they help and unmark them if they provide no help.
![]() |
0 |
![]() |
We are using this because we want to have multiple available actions on a page. That is, imagine a big ListView (or a similar control) with records, each record having link buttons like Edit, Delete, Authorize, Cancel. A record that is unauthorized would have the actions Edit, Delete, Authorize, each visible for different kind of people. By using Azman, we would give this people various roles so that some of them would be able to insert, some to modify, some to delete, some would be able to authorize, some to cancel an authorized record. The entire application runs in our own intranetwork and we rely on active directory.
![]() |
0 |
![]() |
Hi,
I think it's better to use LoginView. Have you read the above quickstart and test it?
Sincerely,
Allen Chen
Microsoft Online Community Support
Please remember to mark the replies as answers if they help and unmark them if they provide no help.
![]() |
0 |
![]() |
I read the specifications of the control. It has one drawback: the fact that it stops after finding the first appropriate role. Our users may be assigned more than one role, and in fact the same user can edit a record and authorize another - for now I'm still thinking how to stop him from authorizing his own record inside the application (now we are stoping them in the database, and be raise an exception in the stored procedure). So, it would be useful for me a control which works like the one you presented me, with the modification of displaying all the templates coresponding to the roles that match. I'll use the reflector and see the mechanisms of that control to see if I can easily replicate the control and modify that behaviour.
I checked now, and for every custom control that has an attribute like the one that I set there, Visual Studio's Designer is unable to display it. When I assign a value to that attribute, I see the "An unhandled exception has occured. Object reference not set to an instance of an object.". Maybe it's a bug in VS.
![]() |
0 |
![]() |
Or should that Control (extended from LinkButton) have it's own Designer?
![]() |
0 |
![]() |
Hi,
DaeMoohn:
I read the specifications of the control. It has one drawback: the fact that it stops after finding the first appropriate role. Our users may be assigned more than one role, and in fact the same user can edit a record and authorize anotherYou can specify rolegroup like this:
<
asp:RoleGroup Roles="Role1,Role2,Role3">Furthermore, you can use one LoginView for one control. Then this control will be shown only if the user is in the role you specified.
Sincerely,
Allen Chen
Microsoft Online Community Support
Please remember to mark the replies as answers if they help and unmark them if they provide no help.
![]() |
0 |
![]() |
Thank you very much for this answer. It never crossed my mind to try that. Thanks a lot. I will mark your answer as a solution (although you solution may lead to duplicated code).
![]() |
0 |
![]() |