Fredrik Normén's Blog - NSQUARED²
Any fool can write code that a computer can understand. Good programmers write code that humans can understand.

Microsoft Most Valuable Professional
     .Net Framework - ASP.Net - Architecture - Development
 
My Links
About me
Books
Contact me

 

Statistics
Visitors: 11312938
Unique visitors: 680810
Computers Blogs - Blog Top Sites
Bloggtoppen.se
Categories
 
Blogs I Read
Scott Guthrie
Shanku Niyogi
Nikhil Kothari
Brian Goldfarb
Johan Lindfors
Kevin Ransom
Jimmy Nilsson
Dag König
Tom Hollander
Patrik Löwendahl
Mathias Olausson
Peter Blomqvist
 
NOTE: This list of posts will only list the 15 latest posts, to see the rest, select from the Archives located in the menu to the left. The RSS will only list the 10 lastest posts.
Show/Hide Web Parts based on Role
Category:  ASP.Net 2.0

In the PDC bits there was a Roles property added to the WebPart class, but is now removed. The Roles property purpose was to only display the WebPart for the users that belongs to one of the roles specified to the Roles property. In the Beta 1 of VS 2005, there is a new property added to the Webpart, the AuthorizationFilter property. The idea of the AuthorizationFilter property is that you can add a string with your own data for the authorization control of the WebPart. You could for example add a comma separated list with roles that the user must at least belong to one of the roles to have access to the WebPart.

 

Here is an example where a string with roles is added to the AuthorizationFilter property of a Webpart:

 

MySecretWebPart.AuthorizationFilter = "Admin,Users";

 

Or:

 

<cc1:MySecretWebPart AuthorizationFilter="Admin,Users" …/>

 

If you set the AuthorizationFilter to a value, nothing will happen. You have to add your own solution to handle the data that are added to the AuthorizationFilter property. To do that you two options, one is to use the WebPartManager’s OnAutorizeWebpart event or to build your own custom WebPartManager control and override either the OnAuthorizeWebPart method or the IsAuthorized method. In this example I choose to create a custom control. The reason to why I do that is because I don’t want to sign a method to the OnAutorizeWebPart event on all my pages where the WebPartManager exists. Instead I add my own custom WebPartManager that will be used on all the pages and do the authorization for me. As I mention before we can either override the OnAuthorizeWebPart method or the IsAuthosrized method. In my example I choose to override the OnAuthorizeWebPart method, because the IsAuthorized method will call the OnAuthorizeWebPart method if the IsAuthorized method is not overloaded. The following code is an exmaple of a custom WebPartManager that will do a check if the current logged in user belongs to one of the roles that are specified to a WebPart’s AutorizationFilter:

 

using System;

using System.Web.Security;

using System.Web.UI.WebControls.WebParts;

using System.Collections.Generic;

using System.Text;

 

namespace Nsquared2.Web.UI.WebControls.WebParts

{

           public class Nsquared2WebPartManager : WebPartManager

           {

 

        public Nsquared2WebPartManager() { }

 

 

        protected override void OnAuthorizeWebPart(WebPartAuthorizationEventArgs e)

        {

            bool isAuthorized = false;

 

            if( !string.IsNullOrEmpty(e.WebPart.AuthorizationFilter) )

            {

                string[] roles = e.WebPart.AuthorizationFilter.Split(new char[] { ',' });

 

                if (roles.Length > 0)

                {

                    if (Roles.Enabled)

                        isAuthorized = this.RolesManagerIsUserInRoles(roles);

                    else

                        isAuthorized = this.ContextIsUserInRoles(roles);

                }

            }

 

            e.IsAuthorized = isAuthorized;

        }

 

 

        private bool RolesManagerIsUserInRoles(string[] roles)

        {

            for (int i = 0; i < roles.Length; i++)

            {

                if (Roles.IsUserInRole(roles[i]))

                    return true;

            }

 

            return false;

        }

 

 

 

        private bool ContextIsUserInRoles(string[] roles)

        {

            for (int i = 0; i < roles.Length; i++)

            {

                if( (Context != null) && (Context.User != null))

                    if (Context.User.IsInRole(roles[i]))

                        return true;

            }

 

            return false;

        }

 

    }

}

 

In the example, the OnAuthorizeWebPart method of the WebPartManager class is overridden. This method takes an argument of the type WebPartAuthorizationEventArgs. This event args have two property that are used in the code example, the WebPart property, that holds the WebPart that have the AuthorizationFilter with the roles, and the IsAuthorized property, that is used to set true or false if the WebPart should be displayed on the page or not. I the example there are two methods, the RolesManagerIsUserInRoles and the ContextIsUserInRoles. The RolesManagerIsUserInRoles method will be called if the Roles manager feature in ASP.Net 2.0 is enabled. This method will check against the Roles manager feature if the current user belongs to one of the roles added to the WebPart’s AuthorizationFilter. If the Roles manger feature is not enabled, the ContextIsUserInRoles will be executed. The ContextIsUserInRoles will check if the current logged in user in the current context belongs to one of the specifed roles. If the user belongs to one of the specified roles, the event args IsAuthorized will be set to true and the Webpart will be displayed for the user on the page. If the user doesn't belong to one of the roles, the IsAuthorized property will be set to false, and the WebPart will be hidden from the user.

 

The following example will show page where the custom WebPartManager is used. It also has two WebParts added, the MySecretWebPart1 that have the AuthorizationFilter set to “Admin”, this will be hidden from the user because the user doesn’t belong to the Admin group. The MySecretWebPart2 will be displayed because the user belongs to the Users group:

 

<%@ Page Language="C#" CompileWith="Default.aspx.cs" ClassName="Default_aspx" %>

<%@ Register TagPrefix="cc1" Namespace="Nsquared2.Web.UI.WebControls.WebParts" Assembly="Nsquared2.Web" %>

<html>

<head runat="server">

    <title>Untitled Page</title>

</head>

<body>

    <form id="form1" runat="server">

    <div>

        <cc1:Nsquared2WebPartManager ID="Nsquared2WebPartManager1" Runat="server"></cc1:Nsquared2WebPartManager>

        <asp:WebPartZone ID="WebPartZone1" Runat="server">

            <ZoneTemplate>

                <cc1:MySecretWebPart AuthorizationFilter="Admin" Text="Only Admin will have see this WebPart" runat="server" Id="MySecretWebPart1"></cc1:MySecretWebPart>

                <cc1:MySecretWebPart AuthorizationFilter="Admin,Users" Text="Admin or Users will see this WebPart!" runat="server" Id="MySecretWebPart2"></cc1:MySecretWebPart>

            </ZoneTemplate>

        </asp:WebPartZone>

    </div>

    </form>

</body>

</html>

 

If you want to try out this example, then you can download the source code here: Nsquared2 Current WebPartManager
Posted: Friday, June 04, 2004 - 20:44 GMT+1    Print     E-mail    Comments (5)
   fredrik.nsquared2.com - 2007