Home/ Questions/Q 8097693
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-06-05T21:50:24+00:00

This can be done by making a new HTTP handler, but is there a

  • 0

This can be done by making a new HTTP handler, but is there a simple way to configure the following?:

  1. Site is setup on basis of user accounts with username say A001, A002….etc.
  2. Once a user logs in they can access their resources in their directory (/A001) etc…which may contain files and images

The issue that I have had using roles and authorization in ASP.NET is that roles are either generic (defined by roles, example anyone logged in may be able to access the resource) or hard coded in the web.config files which is clearly not feasible in a dynamic environment where user accounts are being created:

<authorization>

<allow users="John"/> // allow John only 
<deny users="*"/>  // deny others

</authorization>

Is there a simple way to ensure that only a certain user has access to their folder only?

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    Well using an HTTP Module would be simple enough.

    First this is the request life cycle:

    • Application_BeginRequest.
    • Application_AuthenticateRequest.
    • Application_PostAuthenticateRequest.
    • Application_DefaultAuthentication.
    • Application_AuthorizeRequest.
    • Application_PostAuthorizeRequest.
    • Application_ResolveRequestCache.
    • Application_PostResolveRequestCache.
    • Application_MapRequestHandler. Fired only when the server is running IIS 7 in Integrated Mode and at least >Net Framework 3.0
    • Application_PostMapRequestHandler.
    • Application_AcquireRequestState.
    • Application_PostAcquireRequestState.
    • Application_PreRequestHandlerExecute.
    • The page event handler is executed. (refer to the page life cycle)
    • Application_PostRequestHandlerExecute.
    • Application_ReleaseRequestState.
    • Application_PostReleaseRequestState
    • Application_UpdateRequestCache.
    • Application_PostUpdateRequestCache
    • Application_LogRequest. Fired only when server is IIS 7 Integrated Mode and at least .Net Framework 3.0
    • Application_PostLogRequest. Fired only when server is IIS 7 Integrated Mode and at least .Net Framework 3.0
    • Application_EndRequest.

    For more info: http://msdn.microsoft.com/en-us/library/system.web.httpapplication.aspx

    I think the best event that fits your needs is the Application_AuthorizeRequest

    Here you could get the path being accessed, and you could have a map in your database associating your uses with their allowed paths, something like:

    UserID         Path
userID1        ~/UserFiles/User1
userID2        ~/UserFiles/User2
userID3        ~/UserFiles/User3

    Then in the event read this map and decide if the user should be authorized or not

    • 0