Question: user restriction in ASP.NET C# [pending]

0

I need to implement user restrictions in an ASP.NET C# application.

In this application, separated by several classifications, I have a table with all form items, with bit fields, so that the restrictions are saved.

A user who does not have access to the AccountsPayments form will not click on it, but if they copy or type the URL, e.g. www.teste.com.br/ContasPagar, the page will open.

I thought that, at login time, I would save the user in a session, along with whether they are of type student or employee, and on each page load run the check against the database table.

I would like to know if this is the best way, whether there is some other more practical and faster way, and whether there will be problems, since I will save the user's id in the session as id_user and, in the type, whether he is a student, or whether it will get confused with multiple users accessing at the same time.

    
asked by anonymous 15.02.2018 / 17:39

2 answers

0

In this case, you can use an ASP.NET Action Filter and decorate the classes that will have the filter. First create a folder called Filter and create a generic filter. For example, I usually create one for login, so I guarantee that only logged-in users access the pages, and then create the specific filters, which would be your case. Example login filter:

Login Filter

using System.Web.Mvc;
using System.Web.Routing;

public class LoginFiltro : ActionFilterAttribute
{
    // Runs before every action of a decorated controller.
    public override void OnActionExecuting(ActionExecutingContext filterContext)
    {
        object usuarioLogado = filterContext.HttpContext.Session["Nome"];

        // No user in the session: send the request to the login page.
        if (usuarioLogado == null)
        {
            filterContext.Result = new RedirectToRouteResult(
                      new RouteValueDictionary(
                          new { action = "Index", controller = "Login" }));
        }
    }
}

In the Controller

Then "decorate" the controllers you want to have this login control with:

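// Decorate the controllers to protect, not the Login controller itself:
// the filter redirects to Login/Index, which would redirect in a loop.
[LoginFiltro]
public class ContasPagarController : Controller { }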

So all the decorated controllers will first pass through the filter, but you may want it to run at another time. More information is available here.

In your case, you can use this same logic and create specific filters. Within the filter you can look up the user's access, for example, and if they do not have access to a specific item, redirect the user to an example screen. You can decorate the controllers with multiple filters.

    
18.02.2018 / 23:20
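
An added example (not code from either answer) of the specific per-form filter described above, written as an authorization filter deriving from AuthorizeAttribute rather than ActionFilterAttribute, so the check runs before the action executes. IPermissaoRepositorio, AcessoFormularioAttribute, the "tipo" session key and id_user being stored as an int are assumptions made for illustration.

```csharp
using System.Web;
using System.Web.Mvc;
using System.Web.Routing;

// Hypothetical lookup against the permissions table with bit fields.
public interface IPermissaoRepositorio
{
    bool TemAcesso(int idUsuario, string tipo, string formulario);
}

public class AcessoFormularioAttribute : AuthorizeAttribute
{
    // Assumption: assigned once at application start (e.g. Application_Start).
    public static IPermissaoRepositorio Repositorio { get; set; }
    private readonly string _formulario;

    public AcessoFormularioAttribute(string formulario) { _formulario = formulario; }

    // Runs on the server before the action executes, so typing the URL
    // directly is checked the same way as clicking a menu link.
    protected override bool AuthorizeCore(HttpContextBase httpContext)
    {
        object id = httpContext.Session == null ? null : httpContext.Session["id_user"];
        object tipo = httpContext.Session == null ? null : httpContext.Session["tipo"];
        if (!(id is int) || !(tipo is string) || Repositorio == null)
            return false; // fail closed: no session or no repository means no access
        return Repositorio.TemAcesso((int)id, (string)tipo, _formulario);
    }

    protected override void HandleUnauthorizedRequest(AuthorizationContext filterContext)
    {
        var session = filterContext.HttpContext.Session;
        bool logado = session != null && session["id_user"] != null;
        // Not logged in: same redirect as LoginFiltro. Logged in but not allowed: 403.
        filterContext.Result = logado
            ? (ActionResult)new HttpStatusCodeResult(403)
            : new RedirectToRouteResult(
                new RouteValueDictionary(new { action = "Index", controller = "Login" }));
    }
}

// The form name is fixed per controller; only per-request data is read from the session.
[AcessoFormulario("ContasPagar")]
public class ContasPagarController : Controller
{
    public ActionResult Index() { return View(); }
}
```

ASP.NET session state is looked up through each browser's own session cookie, so the id_user and tipo values stored for one user are not visible to other users accessing at the same time.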
0

I know you have already solved this, but there is a very simple way to solve it.

Since you said that you store this in a session, place this check in your _Layout.cshtml, causing it to redirect the user to a page reporting "Access denied!" on every page they enter:

@if ((Session["AcessoTotal"] == null) || (Session["AcessoTelaContas"] == null))
{
    Response.Redirect("~/AcessoNegado");
    return;
}

I'm available for any questions!

    
14.01.2019 / 17:26