Home/ Questions/Q 6896539
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-27T07:03:23+00:00

I have a route routes.MapPageRoute(clientOrder, Contract/{contractId}/Orders, ~/ContractOrders.aspx); The idea is to authorize user to

  • 0

I have a route

        routes.MapPageRoute("clientOrder", "Contract/{contractId}/Orders",
        "~/ContractOrders.aspx");

The idea is to authorize user to allow access to a certain set of contracts.

For instance user1 has access to pages Contract/001/Orders and Contract/002/Orders
user2 has access only to Contract/003/Orders, etc.

I’m using Forms Authentication and trying restrict access with
CheckUrlAccessForPrinсipal but it checks only physical access to the page not logical.

I tried to check access in Global.asax in Application_AuthorizeRequest but
Request.RequestContext.RouteData there is allways empty so I don’t know the requested contractId. I can parse it manually from HttpRequest object. But it is a very dummy and unraliable solution.

Please advice

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    I believe that the only way is to add some code to check the contractId at the ContractOrders.aspx page level and if the Id doesn’t pass the autorization, you manually redirect somewhere to indicate that the access is not granted.

    The built-in mechanism always works at the physical level with route maps, so no matter how your route looks like, the engine always checks the access to the resource the route is mapped to, not the route itself.

    • 0