I am using MembershipProvider and currently a have 3 roles: User, Super User, Admin.
Also I have pages that can be seen only by Admin and Super User. For these pages a I use configuration in web config:
<location path="Users.aspx">
<system.web>
<authorization>
<allow roles="Admin, Super User"/>
<deny users="*" />
</authorization>
</system.web>
</location>
And this works perfectly fine.
But I have bunch of pages
Evaluations
Actions
Reports
Files
to which a I want separate access. I want grant access to each page individually.
Is there better way to do it than create roles for each page and than assign to these roles?
P.S. I am using ASP.NET, not MVC
Yes, modify your folder structure to be something like this:
- Super User
- Admin
- All
And then you can do stuff like this:
<location path="Super User">
<system.web>
<authorization>
<allow roles="Super User"/>
<deny users="*" />
</authorization>
</system.web>
</location>
<location path="Super User/Admin">
<system.web>
<authorization>
<allow roles="Admin"/>
<deny users="*" />
</authorization>
</system.web>
</location>
<location path="Super User/Admin/All">
<system.web>
<authorization>
<allow users="*" />
</authorization>
</system.web>
</location>
And now simply place the pages in the appropriate folders. Per the MSDN Documentation the location element applies to all sub-directories:
Specifies the resource that the contained configuration settings apply to. Using location with a missing path attribute applies the configuration settings to the current directory and all child directories. If location is used with no path attribute and allowOverride is False, configuration settings cannot be altered by Web.config files that are in child directories.
so Super User by definition will have access to all other pages below and so on.