Click here to Skip to main content
Click here to Skip to main content
Articles » Web Development » ASP.NET » General » Downloads
 
Add your own
alternative version
Go to top

Extending ASP.NET role based Security with Custom Security Module (Permission Based, Page Level Authorization)

, 11 Nov 2011
This project intends to extend the default ASP.NET role based Security to include Permission Based / Page Level Authorization Layer. Works with both ASP.NET and ASP.NET MVC. Permission rules to Allow/Deny access to website resources (like "Folder/File.aspx" or "Controller/Action") are stored in DB.
AadhaarMS.zip
AadhaarMS
Aadhaar.Data
bin
Debug
Aadhaar.Data.dll
Aadhaar.Data.MS.dll
Castle.Core.dll
Castle.DynamicProxy.dll
Castle.DynamicProxy2.dll
Iesi.Collections.dll
log4net.dll
NHibernate.dll
NHibernate.JetDriver.dll
NHibernateProvider.dll
Entity
Components
Mapping
Helper
Properties
Util
ViewModel
Aadhaar.Web
Activities1
Activities2
App_Code
App_Data
AadhaarMS.MDF
AadhaarMS_log.ldf
Bin
Aadhaar.Data.dll
Aadhaar.Data.pdb
Castle.Core.dll
Castle.DynamicProxy.dll
Castle.DynamicProxy2.dll
Iesi.Collections.dll
log4net.dll
NHibernate.dll
NHibernate.JetDriver.dll
NHibernateProvider.dll
Controls
css
Global.asax
images
hdrLogo.jpg
i-bb.gif
i-blc.gif
i-brc.gif
i-l.gif
i-r.gif
i-tb.gif
i-tlc.gif
i-trc.gif
img01.jpg
spacer.gif
install
logs
Superadmin
AadhaarMVC.zip
AadhaarMVC
Aadhaar.Data
bin
Debug
Aadhaar.Data.dll
Aadhaar.Data.MS.dll
Castle.Core.dll
Castle.DynamicProxy.dll
Castle.DynamicProxy2.dll
Iesi.Collections.dll
log4net.dll
NHibernate.dll
NHibernate.JetDriver.dll
NHibernateProvider.dll
Entity
Components
Mapping
Helper
Properties
Util
ViewModel
Aadhaar.MVC
Aadhaar.MVC.csproj.user
App_Data
AadhaarMS.MDF
AadhaarMS_log.ldf
bin
Aadhaar.Data.dll
Aadhaar.Data.pdb
Aadhaar.MVC.dll
Aadhaar.MVC.pdb
Castle.Core.dll
Castle.DynamicProxy.dll
Castle.DynamicProxy2.dll
Iesi.Collections.dll
log4net.dll
NHibernate.dll
NHibernate.JetDriver.dll
NHibernateProvider.dll
Content
images
hdrLogo.jpg
i-bb.gif
i-blc.gif
i-brc.gif
i-l.gif
i-r.gif
i-tb.gif
i-tlc.gif
i-trc.gif
img01.jpg
spacer.gif
Controllers
Global.asax
Models
obj
Debug
Aadhaar.MVC.dll
Aadhaar.MVC.pdb
DesignTimeResolveAssemblyReferences.cache
DesignTimeResolveAssemblyReferencesInput.cache
ResolveAssemblyReference.cache
TempPE
Properties
Scripts
Views
Account
Admin
Error
Home
Shared
Aadhaar.suo
using System;
using System.Collections.Generic;

using System.Web;
using System.Web.Security;
using System.Web.UI;
using System.Web.UI.WebControls;

/// <summary>
/// Permissions Page for setting up Exclusive Permissions to Webiste Locations
/// </summary>
public partial class Superadmin_Permissions : System.Web.UI.Page
{
    protected void Page_Load(object sender, EventArgs e)
    {
        if (!Page.IsPostBack)
        {
            ddnRoleNameR.DataSource = System.Web.Security.Roles.GetAllRoles();
            ddnRoleNameR.DataBind();
            
            foreach(Aadhaar.Data.ViewModel.Activities item in Aadhaar.Data.ADHSecurityHelper.getAllActions())
            {
                ddnActionNameR.Items.Add(new ListItem(item.ControllerName+" - "+item.ActionName,item.Id.ToString()));
                ddnActionIdU.Items.Add(new ListItem(item.ControllerName + " - " + item.ActionName, item.Id.ToString()));
                ddnActionNameR.DataBind();
                ddnActionIdU.DataBind();
                

            }
            rptrPermList.DataSource = Aadhaar.Data.ADHSecurityHelper.getAllPermissions();
            rptrPermList.DataBind();
            rptrActionList.DataSource = Aadhaar.Data.ADHSecurityHelper.getAllActions();
            rptrActionList.DataBind();
            
        }

    }

    /// <summary>
    /// Create a Role based Permission
    /// Required Parameter is RoleName as selected from ddnRoleNameR
    /// </summary>
    /// <param name="sender"></param>
    /// <param name="e"></param>
    protected void btnCreateRolePerm_Click(object sender, EventArgs e)
    {
        if(ddnPermissionType.SelectedIndex==-1)
             ((IErrorMessage)Master).SetError(GetType(), new Exception("Please Select the Permission Type"));
        try
        {
            Aadhaar.Data.ViewModel.Permission perm =  new Aadhaar.Data.ViewModel.Permission();
            perm.Roles = ddnRoleNameR.SelectedItem.Text;
            //perm.User=null;
            
            foreach(Aadhaar.Data.ViewModel.Activities item in Aadhaar.Data.ADHSecurityHelper.getAllActions())
            {
                if(ddnActionNameR.SelectedValue==item.Id.ToString())
                {
                    perm.Controller=item.ControllerName;
                    perm.Action=item.ActionName;
                    perm.ControllerId = item.Id;
                }
            }

            Aadhaar.Data.ADHSecurityHelper.CreatePermission(perm);

            Response.Redirect(Request.RawUrl);
        }
        catch (Exception exc)
        {

            ((IErrorMessage)Master).SetError(GetType(), exc);
        }
    }

    /// <summary>
    /// Create a user Based exclusive Permission for a particular location
    /// The Username is to be input in the txtUserId textbox
    /// Please fill in correct User Id only
    /// </summary>
    /// <param name="sender"></param>
    /// <param name="e"></param>
    protected void btnCreateUsrPerm_Click(object sender, EventArgs e)
    {
        if(ddnPermissionType.SelectedIndex==-1)
             ((IErrorMessage)Master).SetError(GetType(), new Exception("Please Select the Permission Type"));
        try
        {
            Aadhaar.Data.ViewModel.Permission perm =  new Aadhaar.Data.ViewModel.Permission();
            perm.Users=txtUserId.Text;
            //perm.Roles=null;
            
            foreach(Aadhaar.Data.ViewModel.Activities item in Aadhaar.Data.ADHSecurityHelper.getAllActions())
            {
                if(ddnActionIdU.SelectedValue==item.Id.ToString())
                {
                    perm.Controller=item.ControllerName;
                    perm.Action=item.ActionName;
                    perm.ControllerId = item.Id;
                }
            }

            Aadhaar.Data.ADHSecurityHelper.CreatePermission(perm);

            Response.Redirect(Request.RawUrl);
        }
        catch (Exception exc)
        {

            ((IErrorMessage)Master).SetError(GetType(), exc);
        }
    }

    /// <summary>
    /// Adds a Location to database for configuration of exclusive permission
    /// ControllerName refers to "Folder" name and "ActionName" refers to "File" Name in our context
    /// </summary>
    /// <param name="sender"></param>
    /// <param name="e"></param>
    protected void btnCreateAction_Click(object sender, EventArgs e)
    {
        try
        {
            //Remove leading and trailing slashes if any
            string trimControllerName = txtAddActionController.Text.TrimStart('/');
            trimControllerName = trimControllerName.TrimEnd('/');

            Aadhaar.Data.ADHSecurityHelper.CreateAction(trimControllerName, txtAddActionAction.Text);
            
            Response.Redirect(Request.RawUrl);
        }
        catch (Exception exc)
        {

            ((IErrorMessage)Master).SetError(GetType(), exc);
        }
    }

    /// <summary>
    /// Binds the Existing Locations as added into the Actions database for configuration of exclusive Permissions
    /// </summary>
    /// <param name="source"></param>
    /// <param name="e"></param>
    protected void rptrActionList_ItemCommand(object source, RepeaterCommandEventArgs e)
    {
        if (e.CommandName == "deleteAction")
        {
            string id = (string)e.CommandArgument;
            

            try
            {
                int ID = Int32.Parse(id);

                Aadhaar.Data.ADHSecurityHelper.DeleteAction(ID);

                Response.Redirect(Request.RawUrl);
            }
            catch (Exception exc)
            {

                ((IErrorMessage)Master).SetError(GetType(), exc);
            }
        }
    }

    /// <summary>
    /// Deletes a Permission on the basis of Input Id
    /// </summary>
    /// <param name="source"></param>
    /// <param name="e"></param>
    protected void rptrPermList_ItemCommand(object source, RepeaterCommandEventArgs e)
    {
        if (e.CommandName == "deletePerm")
        {
            string id = (string)e.CommandArgument;


            try
            {
                int ID = Int32.Parse(id);

                Aadhaar.Data.ADHSecurityHelper.DeletePermission(ID);

                Response.Redirect(Request.RawUrl);
            }
            catch (Exception exc)
            {

                ((IErrorMessage)Master).SetError(GetType(), exc);
            }
        }
    }
}

By viewing downloads associated with this article you agree to the Terms of Service and the article's licence.

If a file you wish to view isn't highlighted, and is a text file (not binary), please let us know and we'll add colourisation support for it.

License

This article, along with any associated source code and files, is licensed under The Microsoft Public License (Ms-PL)

Share

About the Author

amitthk
Software Developer (Senior)
Singapore Singapore
I love programming, reading, and meditation. I like to explore management and productivity.
Follow on   Twitter

| Advertise | Privacy | Mobile
Web02 | 2.8.140921.1 | Last Updated 12 Nov 2011
Article Copyright 2011 by amitthk
Everything else Copyright © CodeProject, 1999-2014
Terms of Service
Layout: fixed | fluid