Wanted: .NET equivalent of PermissionChecker component?

J

Jens Weiermann

Hi!

Anyone knows the ASP.NET equivalent of the PermissionChecker component that
shipped with IIS 5?
Basically, what it does is checking if the current user (using
impersonation!) has access to a specified file.
I've starting playing around with the FileIOPermission class, but this
doesn't seem to do what I need (or I don't understand it).

Any help would be appreciated!

Jens
 
J

Jens Weiermann

Hi Sherif,

http://msdn.microsoft.com/library/en-us/cpguide/html/cpconaspnetauthorization.asp
Click to expand...

thanks for the info! However, I don't know how this should help in my case.
I *do* know that the WorkerProcess will check if the requested resource is
accessible when the page is requested. But I'd like to be able to
*programmatically* check permissions to a specific resource.

I'm using the Infragistics WebMenu component to have a nice menu. However,
some users don't have access to certain pages linked to by the menu. So,
I'd like to enumerate the menu items and see if the user does have access,
and if not disable the linked menu item.

In ASP, I would have used the permission checker component to check this;
I'm in need of a .NET way to do this...

Thanks!
Jens
 
S

Sherif ElMetainy

Hello

If you are using impersonation, simply attempting to access the file by
openning it and catching the SecurityException can determine if the current
user has access or not.
This is a simple way, but not the most efficient. But you can cache the
results. For example, cache an array of files that the user can access, for
use in your menu.

bool HasFileAccess(string filename)
{
try
{
FileStream fs = new FileStream(filename, FileMode.Open,
FileAccess.Read, FileShare.ReadWrite);
fs.Close();
return true;
}
catch(SecurityException)
{
return false;
}
}

Otherwise I don't know of another way, except using Interop and calling
windows security API. Note that the above bethod will not work if you are
not using impersonation (i.e. the code is executing with the ASPNET
account).

Best regards,
Sherif
 
J

Jens Weiermann

Hi Sherif,

If you are using impersonation, simply attempting to access the file by
openning it and catching the SecurityException can determine if the current
user has access or not.
Click to expand...

this is what I tried first - but doesn't behave like expected: If the user
doesn't have access to the file, the browser will open the "logon" window
again asking for another authentication; only if this is cancelled three
times, the exception is thrown. This is sure not what I want!
Otherwise I don't know of another way, except using Interop and calling
windows security API. Note that the above bethod will not work if you are
not using impersonation (i.e. the code is executing with the ASPNET
account).
Click to expand...

Ok, I guess that's the way to go. Do you have more details on how this
could be done using API calls?

Thanks!
Jens
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

I'm tempted to quit out of frustration 1
Wanted: .NET counterpart of PermissionChecker component! 1
Using .NET 2.0/3.0 component in ASP.NET 1.1 6
New Business Card / Label Print Component .NET Source Code Solution V12.50 Released 0
ASP Net - QueryInterface for interface 0
Problems porting COM component to ASP.Net 2.0 64 bit website 0
Calling a .NET COM+ component from an ASP page. 1
pythonic equivalent of upvar? 3

Members online

Total: 35 (members: 2, guests: 33)
Robots: 656

Forum statistics

Threads
473,769
Messages
2,569,582
Members
45,057
Latest member
KetoBeezACVGummies

Latest Threads

Top