find out if the user has enough rights to open a page

Discussion in 'ASP .Net Security' started by Corno, May 26, 2005.

  1. Corno

    Corno Guest

    Hi all,

    How do I find out if the current visitor of my page has enough rights to
    open another page on the same server?
    I need this to show a link to that page only when the visitor can actually
    visit that page and will not get an 'access denied' message.

    IOW, I'm looking for the implementation of the following function:

    Public Function CurrentUserCanOpenPage(ByVal TheURL As String) As Boolean
    'determine if the current user can open the page with the given URL
    End Function

    TIA,

    Corno
    Corno, May 26, 2005
    #1
    1. Advertising

  2. It depends a great deal on how the authorization is being done. Are you
    using Windows ACLs or a custom role-based mechanism or something else?

    Joe K.

    "Corno" <Corno@dds%FAKE%.nl> wrote in message
    news:...
    > Hi all,
    >
    > How do I find out if the current visitor of my page has enough rights to
    > open another page on the same server?
    > I need this to show a link to that page only when the visitor can actually
    > visit that page and will not get an 'access denied' message.
    >
    > IOW, I'm looking for the implementation of the following function:
    >
    > Public Function CurrentUserCanOpenPage(ByVal TheURL As String) As Boolean
    > 'determine if the current user can open the page with the given URL
    > End Function
    >
    > TIA,
    >
    > Corno
    >
    Joe Kaplan \(MVP - ADSI\), May 26, 2005
    #2
    1. Advertising

  3. Corno

    Rajesh Kumar Guest

    If u r using urs own authentication then the given function is correct but
    in that case you must have stored the access right information regarding
    each page in the database or somewhere else.

    "Joe Kaplan (MVP - ADSI)" <> wrote
    in message news:e4lT7%...
    > It depends a great deal on how the authorization is being done. Are you
    > using Windows ACLs or a custom role-based mechanism or something else?
    >
    > Joe K.
    >
    > "Corno" <Corno@dds%FAKE%.nl> wrote in message
    > news:...
    >> Hi all,
    >>
    >> How do I find out if the current visitor of my page has enough rights to
    >> open another page on the same server?
    >> I need this to show a link to that page only when the visitor can
    >> actually visit that page and will not get an 'access denied' message.
    >>
    >> IOW, I'm looking for the implementation of the following function:
    >>
    >> Public Function CurrentUserCanOpenPage(ByVal TheURL As String) As Boolean
    >> 'determine if the current user can open the page with the given URL
    >> End Function
    >>
    >> TIA,
    >>
    >> Corno
    >>

    >
    >
    Rajesh Kumar, May 27, 2005
    #3
  4. Corno

    Corno Guest

    Yes, I'm using Windows ACL. The webserver runs in an active directory and in
    the web.config of the pages I've configured access rights.
    How would I do it in that case?

    TIA,

    Corno

    "Joe Kaplan (MVP - ADSI)" <> wrote
    in message news:e4lT7%...
    > It depends a great deal on how the authorization is being done. Are you
    > using Windows ACLs or a custom role-based mechanism or something else?
    >
    > Joe K.
    >
    > "Corno" <Corno@dds%FAKE%.nl> wrote in message
    > news:...
    >> Hi all,
    >>
    >> How do I find out if the current visitor of my page has enough rights to
    >> open another page on the same server?
    >> I need this to show a link to that page only when the visitor can
    >> actually visit that page and will not get an 'access denied' message.
    >>
    >> IOW, I'm looking for the implementation of the following function:
    >>
    >> Public Function CurrentUserCanOpenPage(ByVal TheURL As String) As Boolean
    >> 'determine if the current user can open the page with the given URL
    >> End Function
    >>
    >> TIA,
    >>
    >> Corno
    >>

    >
    >
    Corno, May 29, 2005
    #4
  5. The only way I know to do this correctly is to use the AccessCheck Windows
    API function via pinvoke. It is a bit of a pain to set it up, but it should
    give you the most reliable results.

    The other thing you might do is simply impersonate the user and try to
    access the file via a System.IO class, catching the exception if it occurs.
    That is less elegant and possibly slower, but probably a lot easier to
    implement.

    Joe K.


    "Corno" <Corno@dds%FAKE%.nl> wrote in message
    news:%...
    > Yes, I'm using Windows ACL. The webserver runs in an active directory and
    > in the web.config of the pages I've configured access rights.
    > How would I do it in that case?
    >
    > TIA,
    >
    > Corno
    >
    > "Joe Kaplan (MVP - ADSI)" <> wrote
    > in message news:e4lT7%...
    >> It depends a great deal on how the authorization is being done. Are you
    >> using Windows ACLs or a custom role-based mechanism or something else?
    >>
    >> Joe K.
    >>
    >> "Corno" <Corno@dds%FAKE%.nl> wrote in message
    >> news:...
    >>> Hi all,
    >>>
    >>> How do I find out if the current visitor of my page has enough rights to
    >>> open another page on the same server?
    >>> I need this to show a link to that page only when the visitor can
    >>> actually visit that page and will not get an 'access denied' message.
    >>>
    >>> IOW, I'm looking for the implementation of the following function:
    >>>
    >>> Public Function CurrentUserCanOpenPage(ByVal TheURL As String) As
    >>> Boolean
    >>> 'determine if the current user can open the page with the given URL
    >>> End Function
    >>>
    >>> TIA,
    >>>
    >>> Corno
    >>>

    >>
    >>

    >
    >
    Joe Kaplan \(MVP - ADSI\), May 29, 2005
    #5
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Robert Wehofer

    Retrieve SQL Server 2000 rights for a user

    Robert Wehofer, Nov 12, 2003, in forum: ASP .Net
    Replies:
    0
    Views:
    305
    Robert Wehofer
    Nov 12, 2003
  2. simo sentissi
    Replies:
    1
    Views:
    342
    Bernie Yaeger
    Mar 5, 2004
  3. Corno
    Replies:
    4
    Views:
    400
    Joe Kaplan \(MVP - ADSI\)
    May 29, 2005
  4. =?Utf-8?B?ZGVuZGF2?=

    Developing ASP.NET w/out IIS or Admin Rights

    =?Utf-8?B?ZGVuZGF2?=, Oct 10, 2006, in forum: ASP .Net
    Replies:
    7
    Views:
    693
    Juan T. Llibre
    Jan 23, 2007
  5. Costin GamenÈ›
    Replies:
    1
    Views:
    291
    Peter Otten
    Nov 9, 2010
Loading...

Share This Page