Home/ Questions/Q 8329519
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-06-09T01:49:05+00:00

I have web.config entries as shown below. This is for controlling access of users

  • 0

I have web.config entries as shown below. This is for controlling access of users in various roles to various pages.

Admin screen can be access by Hiring Manager and CRM1
Logs screen can be access by CRM3 and Transferee

add key="AdminScreenRoles" value ="Hiring Manager,CRM1"
add key="LogsScreenRoles" value ="CRM3,Transferee "

In future new roles can be given access to Admin screen. Also new pages may be introduced.

I need to ensure that the current user has access to at least one of the pages in the config file. I have the following code. It works. Is there any better/concise/scalable code for this functionality?

List<string> authorizedRolesForAdmin = new List<string>((ConfigurationManager.AppSettings["AdminScreenRoles"]).Split(','));
List<string> authorizedRolesForLogs = new List<string>((ConfigurationManager.AppSettings["LogsScreenRoles"]).Split(','));
if ((authorizedRolesForAdmin.Contains(roleName)) || (authorizedRolesForLogs.Contains(roleName)))
{
    //Has access to at least one page
}

REFERENCE:

  1. Scalable C# Code for Creating Array from Config File
Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    You can definitely significantly simplify your existing code like this:

    var hasOneRole =
    new [] { "Admin", "Log" }
    .SelectMany( screen => ( ConfigurationManager.AppSettings[ screen + "ScreenRoles" ] ?? "" ).Split( ',' ) )
    .Contains( roleName );

    But this is still going to get ugly over time. Web.config just isn’t intended for that kind of stuff. I suggest you put your access control settings in the database.

    • 0