Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Programming > ASP .Net > ASP .Net Security > find out if the user has enough rights to open a page

Reply
Thread Tools

find out if the user has enough rights to open a page

 
 
Corno
Guest
Posts: n/a
 
      05-26-2005
Hi all,

How do I find out if the current visitor of my page has enough rights to
open another page on the same server?
I need this to show a link to that page only when the visitor can actually
visit that page and will not get an 'access denied' message.

IOW, I'm looking for the implementation of the following function:

Public Function CurrentUserCanOpenPage(ByVal TheURL As String) As Boolean
'determine if the current user can open the page with the given URL
End Function

TIA,

Corno


 
Reply With Quote
 
 
 
 
Joe Kaplan \(MVP - ADSI\)
Guest
Posts: n/a
 
      05-26-2005
It depends a great deal on how the authorization is being done. Are you
using Windows ACLs or a custom role-based mechanism or something else?

Joe K.

"Corno" <Corno@dds%FAKE%.nl> wrote in message
news:(E-Mail Removed)...
> Hi all,
>
> How do I find out if the current visitor of my page has enough rights to
> open another page on the same server?
> I need this to show a link to that page only when the visitor can actually
> visit that page and will not get an 'access denied' message.
>
> IOW, I'm looking for the implementation of the following function:
>
> Public Function CurrentUserCanOpenPage(ByVal TheURL As String) As Boolean
> 'determine if the current user can open the page with the given URL
> End Function
>
> TIA,
>
> Corno
>



 
Reply With Quote
 
 
 
 
Rajesh Kumar
Guest
Posts: n/a
 
      05-27-2005
If u r using urs own authentication then the given function is correct but
in that case you must have stored the access right information regarding
each page in the database or somewhere else.

"Joe Kaplan (MVP - ADSI)" <(E-Mail Removed)> wrote
in message news:e4lT7%(E-Mail Removed)...
> It depends a great deal on how the authorization is being done. Are you
> using Windows ACLs or a custom role-based mechanism or something else?
>
> Joe K.
>
> "Corno" <Corno@dds%FAKE%.nl> wrote in message
> news:(E-Mail Removed)...
>> Hi all,
>>
>> How do I find out if the current visitor of my page has enough rights to
>> open another page on the same server?
>> I need this to show a link to that page only when the visitor can
>> actually visit that page and will not get an 'access denied' message.
>>
>> IOW, I'm looking for the implementation of the following function:
>>
>> Public Function CurrentUserCanOpenPage(ByVal TheURL As String) As Boolean
>> 'determine if the current user can open the page with the given URL
>> End Function
>>
>> TIA,
>>
>> Corno
>>

>
>



 
Reply With Quote
 
Corno
Guest
Posts: n/a
 
      05-29-2005
Yes, I'm using Windows ACL. The webserver runs in an active directory and in
the web.config of the pages I've configured access rights.
How would I do it in that case?

TIA,

Corno

"Joe Kaplan (MVP - ADSI)" <(E-Mail Removed)> wrote
in message news:e4lT7%(E-Mail Removed)...
> It depends a great deal on how the authorization is being done. Are you
> using Windows ACLs or a custom role-based mechanism or something else?
>
> Joe K.
>
> "Corno" <Corno@dds%FAKE%.nl> wrote in message
> news:(E-Mail Removed)...
>> Hi all,
>>
>> How do I find out if the current visitor of my page has enough rights to
>> open another page on the same server?
>> I need this to show a link to that page only when the visitor can
>> actually visit that page and will not get an 'access denied' message.
>>
>> IOW, I'm looking for the implementation of the following function:
>>
>> Public Function CurrentUserCanOpenPage(ByVal TheURL As String) As Boolean
>> 'determine if the current user can open the page with the given URL
>> End Function
>>
>> TIA,
>>
>> Corno
>>

>
>



 
Reply With Quote
 
Joe Kaplan \(MVP - ADSI\)
Guest
Posts: n/a
 
      05-29-2005
The only way I know to do this correctly is to use the AccessCheck Windows
API function via pinvoke. It is a bit of a pain to set it up, but it should
give you the most reliable results.

The other thing you might do is simply impersonate the user and try to
access the file via a System.IO class, catching the exception if it occurs.
That is less elegant and possibly slower, but probably a lot easier to
implement.

Joe K.


"Corno" <Corno@dds%FAKE%.nl> wrote in message
news:%(E-Mail Removed)...
> Yes, I'm using Windows ACL. The webserver runs in an active directory and
> in the web.config of the pages I've configured access rights.
> How would I do it in that case?
>
> TIA,
>
> Corno
>
> "Joe Kaplan (MVP - ADSI)" <(E-Mail Removed)> wrote
> in message news:e4lT7%(E-Mail Removed)...
>> It depends a great deal on how the authorization is being done. Are you
>> using Windows ACLs or a custom role-based mechanism or something else?
>>
>> Joe K.
>>
>> "Corno" <Corno@dds%FAKE%.nl> wrote in message
>> news:(E-Mail Removed)...
>>> Hi all,
>>>
>>> How do I find out if the current visitor of my page has enough rights to
>>> open another page on the same server?
>>> I need this to show a link to that page only when the visitor can
>>> actually visit that page and will not get an 'access denied' message.
>>>
>>> IOW, I'm looking for the implementation of the following function:
>>>
>>> Public Function CurrentUserCanOpenPage(ByVal TheURL As String) As
>>> Boolean
>>> 'determine if the current user can open the page with the given URL
>>> End Function
>>>
>>> TIA,
>>>
>>> Corno
>>>

>>
>>

>
>



 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
L A county says enough is enough richard Computer Support 7 02-26-2008 03:27 AM
Enough is enough... Imhotep Computer Security 16 09-28-2005 03:36 PM
find out if the user has enough rights to open a page Corno ASP .Net 4 05-29-2005 06:52 PM
Enough is enough.... ajacobs2 Digital Photography 33 10-05-2003 12:14 PM
Resolution - when is Enough ENOUGH? (a personal view) VT Digital Photography 43 09-12-2003 11:15 AM



Advertisments