'How to show or hide contents of an aspx page based on current user's roles
I have an ASP.NET site where each page has some contents on it and each log-in user has some specific roles. I want to hide and show the contents of the page based on the logged-in user's roles. How can I do that?
P.S.: I know about authentication and authorization for entire forms in ASP.NET; my problem is about the contents of a page.
Do I have to have some .ascx (user controls) and then add them to the .aspx page, and then based on a visibility property and user roles hide and show parts of the aspx page? Or is it accomplished some other way?
Solution 1:[1]
I do not want to set the visibility property, because it makes my code dirty and it's not convenient. Suppose I have a Default.aspx page and there are 3 roles:
- Admin
- A
- B
In the Default.aspx page I want to show contents based on user roles,so I use Loginview and it's Templates as shown below:
<asp:Content ID="Content1" ContentPlaceHolderID="MainContent" Runat="Server">
<asp:LoginView runat="server" ID="loginviewControl1">
<AnonymousTemplate>
<asp:HyperLink runat="server" ID="lnkLogin" Text="Log In" NavigateUrl="~/Account/Login.aspx"></asp:HyperLink>
<Anonymous:AnonymousPart ID = "anonym" runat="server" />
</AnonymousTemplate>
<LoggedInTemplate>
<asp:Label runat="server" ID="WelcomeBackMessage"></asp:Label>
</LoggedInTemplate>
<RoleGroups>
<asp:RoleGroup Roles="Admin">
<ContentTemplate>
<Admin:AdminPart ID ="adminContent" runat="server" />
</ContentTemplate>
</asp:RoleGroup>
<asp:RoleGroup Roles="A">
<ContentTemplate>
<RoleA:RoleAPart ID = "RoleAContent" runat="server"/>
</ContentTemplate>
</asp:RoleGroup>
<asp:RoleGroup Roles="B">
<ContentTemplate>
<RoleB:RoleBPart ID = "RoleBContent" runat="server" />
</ContentTemplate>
</asp:RoleGroup>
</RoleGroups>
</asp:LoginView>
</asp:Content>
RoleB:RoleBPart
, RoleA:RoleAPart
, and Admin:AdminPart
are userControls.
Here is my CS file code:
protected void Page_Load(object sender, EventArgs e)
{
}
I think it is better than setting visibility because sometimes it gets difficult to handle it. When user with role A logged in the only content which is displayed is RoleA:RoleAPart part.
Solution 2:[2]
Shouldn't be too hard: wrap the part(s) of the site that you want to show/hide based on roles in a Panel (or any other element that may fit you to do the job). In your code behind Page_Load (or Page_Init, not sure about that one) do something like
if (Roles.IsUserInRole("rolename")
{
content.Visible = true;
}
else
{
content.Visible = false;
}
Where content is the ID of the Panel on your aspx page. The code above could also just be written as
content.Visible = Roles.IsUserInRole("rolename");
Another way of checking for roles, would be
User.IsInRole("rolename")
which is actually the method I prefer to use, because it looks slightly cleaner. The Roles.IsUserInRole method can also be used to check if a specific user has a certain role, but we're not interested in that in this situation.
Sources
This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.
Source: Stack Overflow
Solution | Source |
---|---|
Solution 1 | TylerH |
Solution 2 |