I have a database driven menu through which I show the pages a particular role can view. However, If the user types the url he can still view the page.... Can u let me know how i can prevent him from doing that? However, I was trying to check whether the role has access to page through a query and then redirect him to another if he doesn't have.. So, can u let me know the best way i can do this task..
This is what I did
public bool Initi()
{
string currentuser = HttpContext.Current.User.Identity.Name;
string currentPageName = HttpContext.Current.Request.Url.AbsoluteUri;
string connStr1 = "Data Source=NISHANTH-PC\\SQLEXPRESS;Initial Catalog=roletesting;Integrated Security=True";
using (SqlConnection conn1 = new SqlConnection(connStr1))
{
conn1.Open();
SqlParameter param1 = new SqlParameter();
param1.ParameterName = "@currentpagename";
param1.SqlDbType = SqlDbType.NVarChar;
param1.Direction = ParameterDirection.Input;
param1.Value = currentPageName;
SqlParameter param = new SqlParameter();
param.ParameterName = "@currentuser";
param.SqlDbType = SqlDbType.NVarChar;
param.Direction = ParameterDirection.Input;
param.Value = currentuser;
string hasaccess = "select PageRole.hasRights from PageRole,
aspnet_UsersInRoles, SubMenu,aspnet_Paths,aspnet_Roles,aspnet_Users where
Submenu.Url=@currentpagename and Submenu.Url = aspnet_Paths.Path and
aspnet_Paths.PathId=PageRole.PathId and PageRole.RoleId = '780c6d23-b321-
43fc-98fe-d2af26b6f069' ";
SqlCommand coi = new SqlCommand(hasaccess, conn1);
coi.Parameters.Add(param1);
coi.Parameters.Add(param);
string a = (string)coi.ExecuteScalar();
if (a == "null" || a == "N")
{
return false;
}
else
return true;
}
I just hardcoded in middle by directly using roleid value..... and then in main I just check if this true or not and do it accordingly. But this seems a lot worse to me though i did it on master page. As I am pretty new to asp.net, i don't know what is the best way to mingle to this. So, can u let me know the best way and also the mistake i did here...
