Anders K. Jacobsen [DK]
Hi
I'm developing an ASP.NET CRUD application where I need to do some
authorization checks on certain actions. E.g. some accounts have access to
delete in a certain datagrid and some do not. So I have to be more detailed
than page level; rather, component level.
This ends up, as I see it now, in a lot of checks in the different involved
events. Further, I have to adjust the view so that they actually can't delete
in a certain datagrid. This is of course not secure enough, so therefore the
checks in the events.
This just sounds like a plain nightmare to maintain and develop. Do you
have a clever suggestion for this issue? I guess it's not the first time this
has come up.
To summarize: I want to avoid this.
private void datagrid_DeleteCommand(object source, DataGridCommandEventArgs e)
{
    // Role check repeated inside the event handler
    if (User.IsInRole("Admin") || User.IsInRole("Developer"))
    {
        // Read the row id from the hidden label, delete the item, then rebind the grid
        long currentid = Int64.Parse(((Label)e.Item.FindControl("lblid")).Text);
        _Service.DeleteItem(currentid);
        Databind_datagrid();
    }
}
Thanks in regards
Anders, Denmark
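One way to keep the role checks described in the post in a single place, as an added example that is not part of the original post: a default-deny table that both the event handlers and the view consult. The `ActionPolicy` class, the action names, and the `Editor` and `Reader` roles are hypothetical; `Admin` and `Developer` are the roles from the post.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Security.Principal;

// Hypothetical helper: one table maps each action to the roles allowed to run it.
public static class ActionPolicy
{
    // Action names and the "Editor" role are constructed for this example.
    private static readonly Dictionary<string, string[]> Rules =
        new Dictionary<string, string[]>(StringComparer.Ordinal)
        {
            { "Item.Delete", new[] { "Admin", "Developer" } },
            { "Item.Edit",   new[] { "Admin", "Developer", "Editor" } },
        };

    // Default deny: unknown actions and unauthenticated users get false.
    public static bool IsAllowed(IPrincipal user, string action)
    {
        if (user == null || user.Identity == null || !user.Identity.IsAuthenticated)
            return false;
        string[] roles;
        return Rules.TryGetValue(action, out roles) && roles.Any(user.IsInRole);
    }

    // Server-side enforcement: call this first in every event handler.
    public static void Demand(IPrincipal user, string action)
    {
        if (!IsAllowed(user, action))
            throw new UnauthorizedAccessException("Not permitted: " + action);
    }
}

public static class Demo
{
    public static void Main()
    {
        // Constructed sample users.
        IPrincipal admin = new GenericPrincipal(new GenericIdentity("alice"), new[] { "Admin" });
        IPrincipal guest = new GenericPrincipal(new GenericIdentity("bob"), new[] { "Reader" });

        // View: the same answer decides whether the Delete column is rendered.
        Console.WriteLine(ActionPolicy.IsAllowed(admin, "Item.Delete"));
        Console.WriteLine(ActionPolicy.IsAllowed(guest, "Item.Delete"));

        // Handler: a postback from a user without the role is still refused.
        try { ActionPolicy.Demand(guest, "Item.Delete"); }
        catch (UnauthorizedAccessException ex) { Console.WriteLine(ex.Message); }
    }
}
```

In a page, `ActionPolicy.Demand(User, "Item.Delete")` would open `datagrid_DeleteCommand`, and `ActionPolicy.IsAllowed(User, "Item.Delete")` would set the delete column's visibility, so changing who may delete means editing one table entry.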