Correct model for role based app?


perplexed

I'm familiar with membership/roles in ASP.NET 2.0. Rather than the
more common directory restriction, I need page part restrictions.
There are certain parts of my webpages that I need visible if you are
in a particular role. So maybe the "go to billing" button is only
visible if you are in "plan1" role. What is the correct method/model
to implement that type of role restriction?

Will I need to put in a conditional for each component that needs
to display dependent on a role:

if (Roles.IsUserInRole("plan1"))
{
    // display button
}
else
{
    // don't display button
}

The problem with the above code is that it won't scale very well. I
may in the future want to add "plan2" to the above. So anyone in plan1
or plan2 sees the button. Plan3 doesn't, however. I'd have to go find
all of the conditionals that need plan2 and update them. Is there a
better way?

Thanks,
Brett
 
Thanks, but what I really need is more fine-grained control. If there are
three roles and content on one page is dependent on different roles,
that means I'll need three "different" checks. The method you have
will display all three pieces of content regardless of a "particular"
role. So on one page it may look like this:

if (Roles.IsUserInRole("plan1"))
{
    // display button1
}
else
{
    // don't display button1
}

if (Roles.IsUserInRole("plan2"))
{
    // display button2
}
else
{
    // don't display button2
}

if (Roles.IsUserInRole("plan3"))
{
    // display button3
}
else
{
    // don't display button3
}
 
I don't understand your issue. With the method you have, and the 2 I
suggested (via the URL), then you have control

private readonly string ROLE_PLAN1 = "plan1";
private readonly string ROLE_PLAN2 = "plan2";
private readonly string ROLE_PLAN3 = "plan3";


// One role per button.
this.button1.Visible = Roles.IsUserInRole ( ROLE_PLAN1 );
this.button2.Visible = Roles.IsUserInRole ( ROLE_PLAN2 );
this.button3.Visible = Roles.IsUserInRole ( ROLE_PLAN3 );

// Any of several roles. IsInAnyRole and IsInAllRoles are the two helper
// methods suggested via the URL, not members of the built-in Roles class.
this.button12.Visible = Roles.IsInAnyRole ( new string[] { ROLE_PLAN1 , ROLE_PLAN2 } ) ;
this.button13.Visible = Roles.IsInAnyRole ( new string[] { ROLE_PLAN1 , ROLE_PLAN3 } ) ;

// All of the listed roles.
this.supersecretbutton.Visible = Roles.IsInAllRoles ( new string[] { ROLE_PLAN1 , ROLE_PLAN2 , ROLE_PLAN3 } ) ;


...

If you need runtime ability to add buttons via roles, that's a different
issue. Doable, but more involved.

Someone correct me if I'm wrong, but there isn't any magic fairy dust, if
you have a button, and it depends on a role, somewhere you have to set the
visible property against a role/set of roles.

The 3 methods should cover the now and future needs as you add more roles.
 
You can try this also:
http://msdn2.microsoft.com/en-gb/library/aa480723.aspx


 
You can try this also: http://msdn2.microsoft.com/en-gb/library/aa480723.aspx

Great link. Thanks. It's probably about as close as I can get to what
I need.

I'm going to rethink the design of this project as well. Using the
above will slow it down. Additional role checks in the form layer will
also slow it down (initial suggestion by me). So, getting granular
role checks into the app will slow it down in general, make it more
complicated and add a lot of administration (i.e. coding maintenance).
I'm going to avoid being so granular just because that's practical.
It's great in theory to display this piece and that piece based on a
role or combination of roles. But unless you have a few people that
understand it really well and know how to code it, doing it alone will
greatly stretch out your project ending date.
 
On a sadder note, I probably won't be able to use the attribute based
authorization described in the above link. I'm on a shared box so no
access to AzMan.

However, I don't want to use all of their architecture. Creating a
class that will turn on/off visibility, have controls inherit from it,
and add attributes to the config file may work ok. It will be much
simpler.
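
Added example, not part of any post in this thread: one way to handle the scaling concern from the first post is a single feature-to-roles table used both for control visibility and for a server-side check on the page the button leads to, since hiding a control does not by itself restrict a direct request to that page. `FeatureAccess`, the feature names, `billingButton` and the sample policy are hypothetical; `IPrincipal.IsInRole` is the standard .NET call behind `Page.User`.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Principal;

// Hypothetical helper: one table maps each feature to the roles allowed to use it.
public static class FeatureAccess
{
    // Constructed sample policy; it could equally be loaded from a config file.
    private static readonly Dictionary<string, string[]> Policy =
        new Dictionary<string, string[]>(StringComparer.OrdinalIgnoreCase)
        {
            { "billing", new[] { "plan1", "plan2" } },  // adding plan2 is a one-line change
            { "reports", new[] { "plan3" } },
        };

    // Deny by default: anonymous users and unknown features get false.
    public static bool IsAllowed(IPrincipal user, string feature)
    {
        string[] roles;
        if (user == null || !user.Identity.IsAuthenticated) return false;
        if (feature == null || !Policy.TryGetValue(feature, out roles)) return false;
        foreach (string role in roles)
        {
            if (user.IsInRole(role)) return true;
        }
        return false;
    }

    // Server-side check for the page or handler the button leads to.
    public static void Demand(IPrincipal user, string feature)
    {
        if (!IsAllowed(user, feature))
            throw new UnauthorizedAccessException("Not allowed: " + feature);
    }
}

public static class Demo
{
    public static void Main()
    {
        // Constructed users standing in for Page.User.
        IPrincipal alice = new GenericPrincipal(new GenericIdentity("alice"), new[] { "plan2" });
        IPrincipal bob = new GenericPrincipal(new GenericIdentity("bob"), new[] { "plan3" });

        // In a page: billingButton.Visible = FeatureAccess.IsAllowed(User, "billing");
        Console.WriteLine("alice sees billing: " + FeatureAccess.IsAllowed(alice, "billing"));
        Console.WriteLine("bob sees billing: " + FeatureAccess.IsAllowed(bob, "billing"));
        FeatureAccess.Demand(alice, "billing"); // returns normally; would throw for bob
    }
}
```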
 