Route access limitation via Web.config via Roles stored in SQL DB (C#, ASP.Net)

Question

I have been struggling to figure out how to authorize access to pages via UserRole table in DB.

I need to assign roles to specific pages on the site trough web.config file

<location path="somepage.aspx">
<system.web>
  <authorization>
    <allow roles="Admin, LabStaff, Manager"/>
    <deny users="?"/>
  </authorization>
</system.web>

My DB Table looks like this

// Roles
Role { RoleID int PK, Name Varchar, Description Varchar, Active }
// UserRoles
UserRole { RoleID int FK, UserID int FK }

I am trying to create custom library that I can reuse in other project as well so my Library contains Classes such as AuthorizeViaActiveDirectory and AuthorizeViaUsersTable

Here is my login.aspx code

 if (gateway.ActiveDirectoryAuthentication(txtbUserName.Text, txtbPassword.Text))
            {
                HttpContext.Current.Session.Timeout = 40;

                var ticket = new FormsAuthenticationTicket(
                        version: 1,
                        name: txtbUserName.Text,
                        issueDate: DateTime.Now,
                        expiration: DateTime.Now.AddMinutes(40),
                        isPersistent: false,
                        userData: txtbUserName.Text);

                var encryptedTicket = FormsAuthentication.Encrypt(ticket);
                var cookie = new HttpCookie(FormsAuthentication.FormsCookieName, encryptedTicket);
                HttpContext.Current.Response.Cookies.Add(cookie);

                Response.Redirect(Request.QueryString["ReturnUrl"]);
            }

This is first project that I have take on in C# ASP.NET in over 4 years so please explain the solution in detail just like for a beginner THANK YOU!


Show source
| security   | c#   | asp.net   | user-roles   2017-08-08 22:08 0 Answers

Answers to Route access limitation via Web.config via Roles stored in SQL DB (C#, ASP.Net) ( 0 )

Leave a reply to - Route access limitation via Web.config via Roles stored in SQL DB (C#, ASP.Net)

◀ Go back