Introduction
Access is controlled at the page level, the control level and the link level. We needed a generic approach that, once implemented, developers could easily replicate across the whole project.
Technology Used: ASP.NET 1.1, C#, IIS 6.0, Visual Studio 2003
Background
In one of our .NET projects the customer required access to be controlled based on the role and the user. Access is controlled at the page level, the control level and the link level. We needed a generic approach that, once implemented, developers could easily replicate across the whole project. I have modified the code so that it is simple to understand and easy to implement. You can use the code in the following ways.
- Module Level Access Control: Whether a logged-in user should be allowed to access the module
- Page Level Access Control: To allow/deny access to a web page based on the user's permissions
- Feature Level Access Control: A web page may have many features, but you would like to give access permission only to selected user groups
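- To hide/disable server controls such as Button, LinkButton, HyperLink, TextBox, DropDownList etc. Disabling or hiding a control only changes what is rendered, so the server-side handler behind the control should repeat the same access check before acting.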
- To disable/hide the controls in the DataGrid, DataList, Repeater Controls
- The users could be in groups such as Administrators, Operators, Sales Reps, Sales Rep Admins etc.
- Apart from this, if a user falls under a particular group, the user inherits the properties of that group. Further fine-tuning of the permissions for that group is also possible.
Using the code
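/// <summary>
/// Applies the access-right configuration to this page's controls on every request.
/// </summary>
/// <remarks>
/// The restrictions are applied on postbacks as well as on the first load, so the
/// disabled state does not depend on ViewState carrying it across round trips.
/// Disabling a control is presentation only: every event handler behind a restricted
/// control should repeat the check with AccessRight.GetAccessRight before acting.
/// </remarks>
/// <param name="sender">The page raising the Load event.</param>
/// <param name="e">Event data (unused).</param>
private void Page_Load(object sender, System.EventArgs e)
{
    // Controls the user is allowed to use are left untouched by the access helper,
    // so repeating the call on each postback is safe.
    ConfigureAccessRightControls();
}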
/// <summary>
/// Pairs each restricted control on the page with its feature access code and hands
/// the list to AccessRight, which disables the controls the user may not use.
/// </summary>
/// <remarks>
/// Only the controls listed here are restricted; any control that is not registered
/// stays enabled. NOTE(review): hlink2 and ddl2 (codes 5 and 8) are not registered
/// here - confirm that is intentional.
/// </remarks>
private void ConfigureAccessRightControls()
{
    ControlAccessPairCollection restrictedControls = new ControlAccessPairCollection();

    // Buttons
    restrictedControls.Add(ControlAccessPair.Add(btn1, 1));
    restrictedControls.Add(ControlAccessPair.Add(btn2, 2));
    restrictedControls.Add(ControlAccessPair.Add(btn3, 3));

    // Hyperlinks
    restrictedControls.Add(ControlAccessPair.Add(hlink1, 4));
    restrictedControls.Add(ControlAccessPair.Add(hlink3, 6));

    // Drop-down lists
    restrictedControls.Add(ControlAccessPair.Add(ddl1, 7));
    restrictedControls.Add(ControlAccessPair.Add(ddl3, 9));

    AccessRight rights = new AccessRight();
    rights.ConfigureAccess(ref restrictedControls);
}
/// <summary>
/// Page-level guard: hands the request to the access-denied page when the user does
/// not hold feature code 4.
/// </summary>
/// <remarks>
/// This is the server-side check that actually blocks a request, so it has to run on
/// every request, postbacks included, before any page logic executes.
/// NOTE(review): no call site for this method is visible in this listing - confirm
/// that the page invokes it early in its life cycle.
/// </remarks>
private void CheckPageAccess()
{
    bool allowed = AccessRight.GetAccessRight("Feature", 4);
    if (allowed)
    {
        return;
    }

    Server.Transfer("../AccessRights/AccessDenied.aspx");
}
/// <summary>
/// Applies feature access codes to the named child controls in every row of
/// dgCustomer just before the grid is rendered.
/// </summary>
/// <remarks>
/// Controls are identified by ID and looked up per row with FindControl.
/// NOTE(review): "hypCopy" uses code 0 - confirm that 0 is a real feature code; a code
/// with no matching row in the rights data is treated as allowed.
/// </remarks>
/// <param name="sender">The grid raising the PreRender event.</param>
/// <param name="e">Event data (unused).</param>
private void dgCustomer_PreRender(object sender, EventArgs e)
{
    ControlAccessPairCollection rowControls = new ControlAccessPairCollection();
    rowControls.Add(ControlAccessPair.Add("hypPreferred", 1));
    rowControls.Add(ControlAccessPair.Add("hypCopy", 0));

    AccessRight rights = new AccessRight();
    rights.ConfigureAccess(ref dgCustomer, rowControls);
}
#region AccessRight class
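/// <summary>
/// Disables web controls for which the current user lacks the associated feature
/// access code.
/// </summary>
/// <remarks>
/// This class only changes how controls are rendered. It is not an enforcement point:
/// the event handler or target page behind a disabled control still has to call
/// <see cref="GetAccessRight"/> itself before doing the protected work.
/// </remarks>
public class AccessRight
{
    #region AccessRight : Constructor
    /// <summary>Creates the helper; it holds no state of its own.</summary>
    public AccessRight()
    {
    }
    #endregion

    #region Controls Access Rights
    /// <summary>
    /// Applies access rights to a list of control instances.
    /// </summary>
    /// <param name="collection">Pairs of (control instance, feature access code).</param>
    public void ConfigureAccess(ref ControlAccessPairCollection collection)
    {
        for (int iCount = 0; iCount < collection.Count; iCount++)
        {
            ControlAccessPair controlAccessPair = collection.Item(iCount);
            object webControl = controlAccessPair.GetControl;
            ConfigureControlAccess(ref webControl, "Feature", controlAccessPair.GetCode);
        }
    }
    #endregion

    #region Grid Access Rights
    /// <summary>
    /// Applies access rights to named child controls in every item of a DataGrid.
    /// </summary>
    /// <param name="dgGrid">Grid whose items are scanned.</param>
    /// <param name="collection">Pairs of (child control ID string, feature access code).</param>
    public void ConfigureAccess(ref DataGrid dgGrid, ControlAccessPairCollection collection)
    {
        foreach (DataGridItem item in dgGrid.Items)
        {
            ConfigureItemAccess(item, collection);
        }
    }
    #endregion

    #region DataList Access Rights
    /// <summary>
    /// Applies access rights to named child controls in every item of a DataList.
    /// </summary>
    /// <param name="dList">List whose items are scanned.</param>
    /// <param name="collection">Pairs of (child control ID string, feature access code).</param>
    public void ConfigureAccess(ref DataList dList, ControlAccessPairCollection collection)
    {
        foreach (DataListItem item in dList.Items)
        {
            ConfigureItemAccess(item, collection);
        }
    }
    #endregion

    #region Repeater Access Rights
    /// <summary>
    /// Applies access rights to named child controls in every item of a Repeater.
    /// </summary>
    /// <param name="repeater">Repeater whose items are scanned.</param>
    /// <param name="collection">Pairs of (child control ID string, feature access code).</param>
    public void ConfigureAccess(ref Repeater repeater, ControlAccessPairCollection collection)
    {
        foreach (RepeaterItem item in repeater.Items)
        {
            ConfigureItemAccess(item, collection);
        }
    }
    #endregion

    #region ConfigureAccess - Given the Cell Numbers
    /// <summary>
    /// Applies access rights to named child controls inside one column of a DataGrid.
    /// </summary>
    /// <param name="dgGrid">Grid whose items are scanned.</param>
    /// <param name="iGridCellCode">Index of the cell (column) to look in.</param>
    /// <param name="collection">Pairs of (child control ID string, feature access code).</param>
    public void ConfigureAccess(ref DataGrid dgGrid, int iGridCellCode, ControlAccessPairCollection collection)
    {
        for (int iGridCount = 0; iGridCount < dgGrid.Items.Count; iGridCount++)
        {
            TableCell cell = dgGrid.Items[iGridCount].Cells[iGridCellCode];

            // Cells without child controls have nothing to restrict.
            if (!cell.HasControls())
            {
                continue;
            }

            ConfigureItemAccess(cell, collection);
        }
    }
    #endregion

    #region ConfigureItemAccess
    /// <summary>
    /// Looks up each registered control ID inside one container and applies its access code.
    /// </summary>
    /// <param name="container">Row, item or cell to search with FindControl.</param>
    /// <param name="collection">Pairs of (child control ID string, feature access code).</param>
    private void ConfigureItemAccess(System.Web.UI.Control container, ControlAccessPairCollection collection)
    {
        for (int iCount = 0; iCount < collection.Count; iCount++)
        {
            ControlAccessPair controlAccessPair = collection.Item(iCount);
            object found = container.FindControl((string)controlAccessPair.GetControl);
            ConfigureControlAccess(ref found, "Feature", controlAccessPair.GetCode);
        }
    }
    #endregion

    #region ConfigureControlAccess
    /// <summary>
    /// Disables one control when the user lacks the given access code; leaves it
    /// untouched when access is granted.
    /// </summary>
    /// <param name="webControl">Control to restrict; must not be null when access is denied.</param>
    /// <param name="AccessType">Access category passed through to <see cref="GetAccessRight"/>.</param>
    /// <param name="iAccessCode">Feature access code to check.</param>
    /// <exception cref="NullReferenceException">
    /// Access is denied and the control is null, for example because FindControl did not
    /// find the registered ID.
    /// </exception>
    private void ConfigureControlAccess(ref object webControl, string AccessType, int iAccessCode)
    {
        if (GetAccessRight(AccessType, iAccessCode))
        {
            return;
        }

        // Fail loudly rather than skip: a mistyped control ID would otherwise leave the
        // real control enabled without anyone noticing. The exception type and message
        // are kept for callers that already catch them.
        if (webControl == null)
        {
            throw new NullReferenceException("Not a valid cell type or control type.");
        }

        // Matching on the base classes instead of exact type names also covers derived
        // and previously unlisted controls (ImageButton, CheckBoxList, custom subclasses).
        HtmlControl htmlControl = webControl as HtmlControl;
        if (htmlControl != null)
        {
            // Access is denied at this point, so the control must end up disabled.
            // The anchor case previously assigned the wrong value and stayed enabled.
            htmlControl.Disabled = true;
            if (htmlControl is HtmlAnchor)
            {
                htmlControl.Style.Add("cursor", "default");
            }
            return;
        }

        WebControl serverControl = webControl as WebControl;
        if (serverControl != null)
        {
            serverControl.Enabled = false;
            return;
        }

        // NOTE(review): any other object type is left as it is, which means "enabled".
        // For links in particular, a disabled link may still be followable in some
        // browsers, so the target page must enforce its own access check.
    }
    #endregion

    #region GetAccessRight
    /// <summary>
    /// Asks the rights cache whether the given access code is allowed.
    /// </summary>
    /// <param name="AccessType">Access category, e.g. "Feature".</param>
    /// <param name="iAccessCode">Module, page or feature code to check.</param>
    /// <returns>true when access is allowed; otherwise false.</returns>
    public static bool GetAccessRight(string AccessType, int iAccessCode)
    {
        return ManageCache.GetAccessRight(AccessType, iAccessCode);
    }
    #endregion
}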
#endregion
#region ControlAccessPairCollection Class
/// <summary>
/// Ordered collection of <see cref="ControlAccessPair"/> entries, built on CollectionBase.
/// </summary>
public class ControlAccessPairCollection : CollectionBase
{
    /// <summary>Creates an empty collection.</summary>
    public ControlAccessPairCollection()
    {
    }

    /// <summary>Appends a pair to the end of the collection.</summary>
    /// <param name="controlAccessPair">Pair to append.</param>
    public void Add(ControlAccessPair controlAccessPair)
    {
        List.Add(controlAccessPair);
    }

    /// <summary>
    /// Removes the pair at <paramref name="index"/>; an out-of-range index is ignored.
    /// </summary>
    /// <param name="index">Zero-based position of the pair to remove.</param>
    public void Remove(int index)
    {
        bool inRange = index >= 0 && index <= Count - 1;
        if (inRange)
        {
            List.RemoveAt(index);
        }
    }

    /// <summary>Returns the pair stored at the given position.</summary>
    /// <param name="Index">Zero-based position.</param>
    /// <returns>The stored pair.</returns>
    public ControlAccessPair Item(int Index)
    {
        object entry = List[Index];
        return (ControlAccessPair) entry;
    }
}
#endregion
#region ControlAccessPair Class
/// <summary>
/// Associates a control (either the instance itself or its ID string) with the access
/// code that governs it.
/// </summary>
public class ControlAccessPair
{
    // Control instance, or the control's ID string when it is looked up with FindControl.
    private Object custom_control;

    // Access code checked for the control.
    private int code;

    /// <summary>Creates an empty pair (null control, code 0).</summary>
    public ControlAccessPair()
    {
    }

    private ControlAccessPair(object control, int accessCode)
    {
        this.custom_control = control;
        this.code = accessCode;
    }

    /// <summary>Factory: builds a pair from a control (or control ID) and its code.</summary>
    /// <param name="customControl">Control instance or control ID string.</param>
    /// <param name="Code">Access code for the control.</param>
    /// <returns>A new pair holding both values.</returns>
    public static ControlAccessPair Add(object customControl, int Code)
    {
        return new ControlAccessPair(customControl, Code);
    }

    /// <summary>Overwrites the control and code held by this pair.</summary>
    /// <param name="customControl">Control instance or control ID string.</param>
    /// <param name="Code">Access code for the control.</param>
    public void AddControl(object customControl, int Code)
    {
        this.custom_control = customControl;
        this.code = Code;
    }

    /// <summary>The stored control instance or control ID string.</summary>
    public object GetControl
    {
        get { return this.custom_control; }
    }

    /// <summary>The stored access code.</summary>
    public int GetCode
    {
        get { return this.code; }
    }
}
#endregion
#region Manage Cache Class
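/// <summary>
/// Process-wide cache of the access-rights table loaded from AccessRightsData.xml,
/// and the lookup that turns an access code into an allow/deny answer.
/// </summary>
/// <remarks>
/// The cache is static and therefore shared by all concurrent requests. Every access
/// goes through <c>cacheLock</c>, and lookups use DataTable.Select rather than a filter
/// set on the table's shared DefaultView, so one request cannot read a row count that
/// belongs to another request's filter.
/// </remarks>
public class ManageCache
{
    private static ManageCache manageCache;
    private static DataSet dsCache;

    // Guards dsCache: lazy load, lookup and refresh.
    private static readonly object cacheLock = new object();

    static ManageCache()
    {
        // A static constructor runs once, so no null check is needed.
        manageCache = new ManageCache();
        dsCache = new DataSet();
    }

    /// <summary>
    /// Returns whether the given access code is allowed.
    /// </summary>
    /// <param name="AccessType">Access category; currently not used by the lookup.</param>
    /// <param name="iAccessCode">Module, page or feature code to check.</param>
    /// <returns>true when no matching row exists in the rights data; otherwise false.</returns>
    public static bool GetAccessRight(string AccessType, int iAccessCode)
    {
        return manageCache.AccessRight(AccessType, iAccessCode);
    }

    private bool AccessRight(string AccessType, int iAccessCode)
    {
        // NOTE(review): the user type is fixed at 1, so every caller gets the same
        // answer regardless of who is logged in. The current user's type code has to
        // be supplied here before this can make per-user decisions.
        int typeCode = 1;

        // NOTE(review): AccessType is not part of the filter; codes for modules, pages
        // and features share one number space as far as this lookup is concerned.
        // Both operands are ints, so the concatenated filter cannot carry injected text.
        string filter = "ModulePageFeatureCode=" + iAccessCode + " and UserTypeCode=" + typeCode;

        lock (cacheLock)
        {
            GetAccessRightsFromCache();

            // NOTE(review): the data is a deny list - a matching row denies, and the
            // absence of a row allows. A code missing from the XML, or an XML file with
            // no rows, therefore grants access. Confirm this default is intended.
            DataRow[] denyRows = dsCache.Tables[0].Select(filter);
            return denyRows.Length == 0;
        }
    }

    /// <summary>
    /// Reloads the rights data from disk and replaces the cached copy.
    /// </summary>
    /// <remarks>
    /// The new data is read into a separate DataSet first and swapped in afterwards, so
    /// a failed read keeps the previous rules instead of leaving the cache empty.
    /// </remarks>
    public void UpdateAccessRightsCache()
    {
        DataSet fresh = new DataSet();
        GetAccessRights(ref fresh);

        lock (cacheLock)
        {
            dsCache = fresh;
        }
    }

    // Loads the rights data on first use. Callers must hold cacheLock.
    private void GetAccessRightsFromCache()
    {
        if (dsCache.Tables.Count == 0)
        {
            GetAccessRights(ref dsCache);
        }
    }

    // Reads the rights XML into the given DataSet.
    // NOTE(review): the path is relative, so MapPath resolves it against the directory
    // of whichever request triggers the load - pages in different folders may look for
    // different files. Also confirm the XML file cannot be downloaded by clients if it
    // sits inside the served site.
    private void GetAccessRights(ref DataSet ds)
    {
        ds.ReadXml(HttpContext.Current.Server.MapPath("AccessRightsData.xml"));
    }
}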
#endregion
Points of Interest
It was fun to write this code. Anyone can use this code in their project.
History
Feedback on my article is most welcome. I will keep it updated depending on the feedback.
You may also want to do
A module to control the features based on module, page or feature to be accessed by administrators. If it is a big application you may need to manage the features, modules, pages and allowable user groups to them.