Archive for the ‘ASP.Net’ Tag

Understanding Role-Based, Policy-Based, and Imperative Checks in ASP.Net Core

3 Types:

  1. Role
  2. Policy-Based
  3. Imperative checks

Role

A general, top-level, overarching user attribute, like a job title: Administrator, Librarian, Student, User.

Role-based authorization says: if the user is an Administrator, allow them access to the user management page. It is the simplest form of authorization, with the role as the only input.

[Authorize(Roles = "Administrator")]
public IActionResult ManageUsers()
{
    return View();
}

Policy-based

Use a set of user claims to fine-tune authorization when you need consistent enforcement across multiple controllers or actions. If you only need to check one or two claims in a single place, an inline check is enough.

Think of claims as subordinate sub-attributes of a user. For example, Department: Accounting, Region: Northwest, Degree: PhD.

Say you want to allow access to certain resources to users by the region they are in. You may have a policy called InNorthwestRegion where the claim is Region = Northwest.

builder.Services.AddAuthorization(options =>
{
    options.AddPolicy("InNorthwestRegion", policy =>
        policy.RequireClaim("Region", "Northwest"));
});

Then, enforce this policy:

[Authorize(Policy = "InNorthwestRegion")]
public IActionResult EditReport()
{
    return View();
}

That is a lot cleaner than having to check user claims by hand in every controller that needs the rule:

public IActionResult EditReport()
{
    if (User.HasClaim(c => c.Type == "Region" && c.Value == "Northwest"))
    {
        // User has the claim, allow access
        return View();
    }
    else
    {
        return Forbid();
    }
}

You can combine roles with policies. For example, only Administrators in the Northwest Region can manage this server. In this case Role = Administrator and Policy = InNorthwestRegion; when several [Authorize] attributes are stacked on one action, all of them must pass.

[Authorize(Roles = "Administrator")]
[Authorize(Policy = "InNorthwestRegion")]
public IActionResult EditReport()
{
    return View();
}

Imperative Check

Imperative checks are used when the authorization logic requires more dynamic evaluation than an attribute can express. They are performed through IAuthorizationService, which lets you evaluate both the user's identity and the properties of the specific resource being accessed before granting access.

An example of this could be checking if a user has ownership rights to a specific document before allowing edits.
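The document-ownership case above, worked through as an added example (not code from the original post): a resource-based requirement and handler, and a controller action that asks IAuthorizationService to evaluate them against one particular document. The Document record, DocumentOwnerRequirement, the in-memory Store and the "user-42" owner id are all constructed for the example.

```csharp
using System.Collections.Generic;
using System.Security.Claims;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Mvc;

// Hypothetical resource: a document and the id of the user who owns it.
public sealed record Document(int Id, string OwnerId, string Title);
// A requirement is only a marker; the handler below holds the logic.
public sealed class DocumentOwnerRequirement : IAuthorizationRequirement { }

// Resource-based handler: receives both the user and the specific Document.
public sealed class DocumentOwnerHandler
    : AuthorizationHandler<DocumentOwnerRequirement, Document>
{
    protected override Task HandleRequirementAsync(AuthorizationHandlerContext context,
        DocumentOwnerRequirement requirement, Document resource)
    {
        // Compare the caller's stable identifier with the document's owner.
        var userId = context.User.FindFirst(ClaimTypes.NameIdentifier)?.Value;
        if (userId is not null && userId == resource.OwnerId)
            context.Succeed(requirement);
        // Not calling Fail() lets another handler (e.g. an Administrator override)
        // still succeed; if no handler succeeds, access is denied.
        return Task.CompletedTask;
    }
}

// Register once in Program.cs (handlers are ordinary DI services):
// builder.Services.AddSingleton<IAuthorizationHandler, DocumentOwnerHandler>();

public class DocumentsController : Controller
{
    // Constructed in-memory store standing in for a database.
    private static readonly Dictionary<int, Document> Store =
        new() { [1] = new Document(1, "user-42", "Q3 budget") };
    private readonly IAuthorizationService _authorization;
    public DocumentsController(IAuthorizationService authorization)
        => _authorization = authorization;

    [HttpPost]
    public async Task<IActionResult> Edit(int id, string title)
    {
        if (!Store.TryGetValue(id, out var document)) return NotFound();
        // Imperative check: evaluated here, against this particular document.
        var result = await _authorization.AuthorizeAsync(
            User, document, new DocumentOwnerRequirement());
        if (!result.Succeeded)
            return User.Identity?.IsAuthenticated == true ? Forbid() : Challenge();
        Store[id] = document with { Title = title };
        return RedirectToAction(nameof(Edit), new { id });
    }
}
```

Forbid() (403) is returned only for a signed-in user who fails the check; an anonymous caller gets Challenge() (401) so the client is prompted to authenticate rather than told the document exists but is off limits.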

Site Folder Permission and App Pool Setting for test development sites in IIS 7.5

Folder Permissions for the root folder of the site:

  • IUSR (Read, Execute)
  • IIS AppPool\<Application Pool Name> (Read, Execute)

In IIS > App Pool > Advanced Settings:

  • If using MVC – .Net CLR Version = v4.0
  • Load User Profile – False

ASP.Net Gridview Header Styles

The <HeaderStyle> node in a GridView only applies to the header <tr> element that the framework renders.

To modify the styling of the <th> elements, use a CSS class:

.gridview-header > th  { /* css attributes here... */ }

Then apply this class to the HeaderStyle, CssClass attribute:

<HeaderStyle CssClass="gridview-header" />