How to show or hide contents of an aspx page based on current user's roles

Question

I have an ASP.NET site where each page has some contents on it and each log-in user has some specific roles. I want to hide and show the contents of the page based on the logged-in user's roles. How can I do that?

P.S.: I know about authentication and authorization for entire forms in ASP.NET; my problem is about the contents of a page.

Do I have to have some .ascx (user controls) and then add them to the .aspx page, and then based on a visibility property and user roles hide and show parts of the aspx page? Or is it accomplished some other way?

Answer 1

I do not want to set the visibility property, because it makes my code dirty and it's not convenient. Suppose I have a Default.aspx page and there are 3 roles:

• Admin
• A
• B

In the Default.aspx page I want to show contents based on user roles,so I use Loginview and it's Templates as shown below:

<asp:Content ID="Content1" ContentPlaceHolderID="MainContent" Runat="Server">
    
    <asp:LoginView runat="server" ID="loginviewControl1">
       <AnonymousTemplate>
            <asp:HyperLink runat="server" ID="lnkLogin" Text="Log In" NavigateUrl="~/Account/Login.aspx"></asp:HyperLink>
       <Anonymous:AnonymousPart ID = "anonym" runat="server" />
       </AnonymousTemplate>
       <LoggedInTemplate>
            <asp:Label runat="server" ID="WelcomeBackMessage"></asp:Label>
        </LoggedInTemplate>
       <RoleGroups>
           <asp:RoleGroup Roles="Admin">
               <ContentTemplate>
                   <Admin:AdminPart ID ="adminContent" runat="server" />
               </ContentTemplate>
           </asp:RoleGroup>
           <asp:RoleGroup Roles="A">
               <ContentTemplate>
                  <RoleA:RoleAPart ID = "RoleAContent" runat="server"/>
               </ContentTemplate>
           </asp:RoleGroup>
           <asp:RoleGroup Roles="B">
               <ContentTemplate>
                 <RoleB:RoleBPart ID = "RoleBContent" runat="server" />
               </ContentTemplate>
           </asp:RoleGroup>
        </RoleGroups>
    </asp:LoginView>
</asp:Content>

RoleB:RoleBPart, RoleA:RoleAPart, and Admin:AdminPart are userControls.

Here is my CS file code:

protected void Page_Load(object sender, EventArgs e)
    {
        
    }

I think it is better than setting visibility because sometimes it gets difficult to handle it. When user with role A logged in the only content which is displayed is RoleA:RoleAPart part.

Answer 2

Shouldn't be too hard: wrap the part(s) of the site that you want to show/hide based on roles in a Panel (or any other element that may fit you to do the job). In your code behind Page_Load (or Page_Init, not sure about that one) do something like

if (Roles.IsUserInRole("rolename")
{
    content.Visible = true;
}
else
{
    content.Visible = false;
}

Where content is the ID of the Panel on your aspx page. The code above could also just be written as

content.Visible = Roles.IsUserInRole("rolename");

Another way of checking for roles, would be

User.IsInRole("rolename")

which is actually the method I prefer to use, because it looks slightly cleaner. The Roles.IsUserInRole method can also be used to check if a specific user has a certain role, but we're not interested in that in this situation.