Export (0) Print
Expand All

WebPartManager.IsAuthorized Method (Type, String, String, Boolean)

Note: This method is new in the .NET Framework version 2.0.

Carries out the final steps in determining whether a control is authorized to be added to a page.

Namespace: System.Web.UI.WebControls.WebParts
Assembly: System.Web (in system.web.dll)

public virtual bool IsAuthorized (
	Type type,
	string path,
	string authorizationFilter,
	bool isShared
)
public boolean IsAuthorized (
	Type type, 
	String path, 
	String authorizationFilter, 
	boolean isShared
)
public function IsAuthorized (
	type : Type, 
	path : String, 
	authorizationFilter : String, 
	isShared : boolean
) : boolean

Parameters

type

The Type of the control being checked for authorization.

path

The relative application path to the source file for the control being authorized, if the control is a user control.

authorizationFilter

An arbitrary string value assigned to the AuthorizationFilter property of a WebPart control, used to authorize whether a control can be added to a page.

isShared

Indicates whether the control being checked for authorization is a shared control, meaning that it is visible to many or all users of the application, and its IsShared property value is set to true.

Return Value

A Boolean value that indicates whether a control is authorized to be added to a page.

Exception typeCondition

ArgumentNullException

type is a null reference (Nothing in Visual Basic).

ArgumentException

type is a user control, and path is either a null reference (Nothing in Visual Basic) or an empty string ("").

- or -

type is not a user control, and path has a value assigned to it.

The IsAuthorized(Type,String,String,Boolean) overload method carries out the final steps in determining whether a control is authorized to be added to a page. The method ensures that type is a valid type, and that path has a value only if the control being checked is a user control. Then it calls the critical OnAuthorizeWebPart method, which raises the AuthorizeWebPart event.

Notes to Inheritors This method can be overridden by inheriting from the WebPartManager class, if you want to provide additional handling when checking authorization. You might want to override the method to check for certain values in the authorizationFilter parameter, and based on the value, return a Boolean value that determines whether the control will be added to a page. For page developers who also want to check for authorization filters and provide custom handling, there is an option for doing this inline in an .aspx page, or in a code-behind file, without having to inherit from any classes. You can declare an alternate event handler in the page for the OnAuthorizeWebPart method of the WebPartManager control. For more details and an example, see the OnAuthorizeWebPart method.

The following code example demonstrates how to override the IsAuthorized method to determine whether a control is authorized to be added to a page.

The first step is to create a filter that can potentially exclude a control. The following Web page contains three ASP.NET server controls in an <asp:webpartzone> element. Notice that the first and second controls have their AuthorizationFilter properties set to different values, and the third does not assign the property. This authorization value can be checked at run time, and the control can be added to the page if the filter matches criteria set by the developer.

<%@ Page Language="C#" %>
<%@ Register Namespace="Samples.AspNet.CS.Controls" 
    TagPrefix="aspSample"%>


<script runat="server">
  
  protected void Page_Load(object sender, EventArgs e)
  {
    foreach (WebPart part in mgr1.WebParts)
    {
      if (mgr1.IsAuthorized(part))
        part.ExportMode = WebPartExportMode.All;
    }
    
  }
</script>

<html xmlns="http://www.w3.org/1999/xhtml" >
<head runat="server">
    <title>Untitled Page</title>
</head>
<body>
    <form id="form1" runat="server">
    <div>
      <aspSample:MyManagerAuthorize ID="mgr1" runat="server"  />
      <asp:WebPartZone ID="WebPartZone1" runat="server">
        <ZoneTemplate>
          <asp:BulletedList 
            ID="BulletedList1" 
            Runat="server"
            DisplayMode="HyperLink" 
            Title="Favorite Links"
            AuthorizationFilter="admin">
            <asp:ListItem Value="http://msdn.microsoft.com">
              MSDN
            </asp:ListItem>
            <asp:ListItem Value="http://www.asp.net">
              ASP.NET
            </asp:ListItem>
            <asp:ListItem Value="http://www.msn.com">
              MSN
            </asp:ListItem>
          </asp:BulletedList>
          <asp:Label ID="Label1" runat="server" 
            Text="Hello World"
            AuthorizationFilter="user" />
          <asp:Calendar ID="Calendar1" runat="server"></asp:Calendar>
        </ZoneTemplate>
      </asp:WebPartZone>
      <hr />
      <asp:Literal ID="Literal1" runat="server"></asp:Literal>
    </div>
    </form>
</body>
</html>

The second step is to override the IsAuthorized(Type,String,String,Boolean) method, and create custom handling for authorization filters. Note that the code first checks whether the property has a value, so that any control that does not assign the AuthorizationFilter property will be added automatically. If a control has a filter, the code returns true only if the filter value is equal to admin. This demonstrates a simple mechanism you can use for displaying certain controls to certain users, depending on their role. While a full example using roles is beyond the scope of this topic, you could use the same logic as the overridden method in this code example, except that you could check whether the current user is in a role that matches the authorization filter value, and then add the control only for that user. This would enable you to create pages where some users would see all the controls, and other users would see only selected controls. This is how the logic that checks the filter might look if you used roles:

[Visual Basic]

If Roles.IsUserInRole(Page.User.Identity.Name, authorizationFilter) Then
  return True
Else
  return False
End If

[C#]

if(Roles.IsUserInRole(Page.User.Identity.Name, authorizationFilter))
    return true;
else
    return false;

For the code example to run, you must compile this source code. You can compile it explicitly and put the resulting assembly in your Web site's Bin folder or the global assembly cache. Alternatively, you can put the source code in your site's App_Code folder, where it will be dynamically compiled at run time. This code example uses the dynamic compile method. For a walkthrough that demonstrates how to compile, see Walkthrough: Developing and Using a Custom Server Control.

using System;
using System.Web;
using System.Web.Security;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Web.UI.WebControls.WebParts;
using System.Web.UI.HtmlControls;

namespace Samples.AspNet.CS.Controls
{
  public class MyManagerAuthorize : WebPartManager
  {
    public override bool IsAuthorized(Type type, string path, string authorizationFilter, bool isShared)
    {
      if (!String.IsNullOrEmpty(authorizationFilter))
      {
        if (authorizationFilter == "admin")
          return true;
        else
          return false;
      }
      else
        return true;

    }
  }
}

After you load the page in a browser, note that the first control is displayed, because it matches the criteria in the overridden method. The second control is not added to the page, because its filter value is excluded. The third control is added, because it does not have its AuthorizationFilter property set. If you change the property value on the second control to match that of the first control, and then run the page again, the second control is added as well.

Windows 98, Windows 2000 SP4, Windows Millennium Edition, Windows Server 2003, Windows XP Media Center Edition, Windows XP Professional x64 Edition, Windows XP SP2, Windows XP Starter Edition

The .NET Framework does not support all versions of every platform. For a list of the supported versions, see System Requirements.

.NET Framework

Supported in: 2.0

Community Additions

ADD
Show:
© 2014 Microsoft