This documentation is archived and is not being maintained.

WebPartManager.IsAuthorized Method (WebPart)

Carries out the initial steps in determining whether a control is authorized to be added to a page.

Namespace:  System.Web.UI.WebControls.WebParts
Assembly:  System.Web (in System.Web.dll)

public bool IsAuthorized(
	WebPart webPart


Type: System.Web.UI.WebControls.WebParts.WebPart

A WebPart or other server control being checked for authorization.

Return Value

Type: System.Boolean
A Boolean value that indicates whether webPart can be added to a page.


webPart is null.

The IsAuthorized method is the initial method called by the Web Parts control set to check authorization for a WebPart control. It accepts webPart as a parameter, and begins a process that ultimately determines whether the control will be added to a page. Call this method from your code directly when you need to determine whether a given control is authorized.

This method carries out the initial tasks of determining whether the control inherits from the WebPart class or is a GenericWebPart control and, if so, what type of child control it contains. To finish the task of authorization, it calls the IsAuthorized(Type, String, String, Boolean) overload method.

Notes to Callers:

This method is called directly from your code. If you want to gain greater programmatic control over the authorization process, you can override the IsAuthorized(Type, String, String, Boolean) overload method.

The following code example demonstrates how to call the IsAuthorized(WebPart) method from your code to determine whether a control is authorized to be added to a page.

The code example has three parts:

  • A custom WebPartManager control that overrides the IsAuthorized method.

  • A Web page that creates a filter for a WebPart control.

  • An explanation of how to run the code example.

This code example uses a custom WebPartManager control that overrides the IsAuthorized(Type, String, String, Boolean) overload method to provide custom handling of the AuthorizationFilter property. This control checks for a property value of admin and, if the value is present, authorizes the control. If a control has a different value, it is not authorized; controls without the property value are authorized as well, as they are presumed not to be part of the filtering scenario.

For this code example to run, you must compile this source code. You can compile it explicitly and put the resulting assembly in your Web site's Bin folder or the global assembly cache. Alternatively, you can put the source code in your site's App_Code folder, where it will be dynamically compiled at run time. This code example uses the dynamic compile method. For a walkthrough that demonstrates how to compile, see Walkthrough: Developing and Using a Custom Web Server Control.

using System;
using System.Web;
using System.Web.Security;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Web.UI.WebControls.WebParts;
using System.Web.UI.HtmlControls;

namespace Samples.AspNet.CS.Controls
  public class MyManagerAuthorize : WebPartManager
    public override bool IsAuthorized(Type type, string path, string authorizationFilter, bool isShared)
      if (!String.IsNullOrEmpty(authorizationFilter))
        if (authorizationFilter == "admin")
          return true;
          return false;
        return true;


The second part of the code example creates a filter that can potentially exclude a control. The following Web page contains three ASP.NET server controls in an <asp:webpartzone> element. Notice that the first and second controls have their AuthorizationFilter properties set to different values, and the third does not assign the property. This authorization value can be checked at run time, and the control can be added to the page if the filter matches criteria set by the developer. Notice also that in the Page_Load method, the code calls the IsAuthorized(WebPart) method to determine whether each of the controls is authorized, and if so, it sets each control's ExportMode property.

<%@ Page Language="C#" %>
<%@ Register Namespace="Samples.AspNet.CS.Controls" 

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" 
<script runat="server">

  protected void Page_Load(object sender, EventArgs e)
    foreach (WebPart part in mgr1.WebParts)
      if (mgr1.IsAuthorized(part))
        part.ExportMode = WebPartExportMode.All;


<html xmlns="" >
<head runat="server">
    <title>Untitled Page</title>
    <form id="form1" runat="server">
      <aspSample:MyManagerAuthorize ID="mgr1" runat="server"  />
      <asp:WebPartZone ID="WebPartZone1" runat="server">
            Title="Favorite Links"
            <asp:ListItem Value="">
            <asp:ListItem Value="">
            <asp:ListItem Value="">
          <asp:Label ID="Label1" runat="server" 
            Text="Hello World"
            AuthorizationFilter="user" />
          <asp:Calendar ID="Calendar1" runat="server"></asp:Calendar>
      <hr />
      <asp:Literal ID="Literal1" runat="server"></asp:Literal>

Note that for the code example to work, you must add a setting in the Web.config file to enable exporting Web Parts description files. Ensure that you have a Web.config file in the same directory as the Web page for this code example. Within the <system.web> section, make sure there is a <webParts> element with an enableExport attribute set to true, as in the following markup.

<webParts enableExport="true">



After you load the page in a browser, note that the first control is displayed, because it matches the criteria in the overridden method. The second control is not added to the page, because it is excluded by the filter. The third control is also added, because it does not have its AuthorizationFilter property set. Notice that if you click the verbs menu icon in the title bar of either control, they can both be exported because their respective ExportMode property values were assigned.

Windows 7, Windows Vista, Windows XP SP2, Windows XP Media Center Edition, Windows XP Professional x64 Edition, Windows XP Starter Edition, Windows Server 2008 R2, Windows Server 2008, Windows Server 2003, Windows Server 2000 SP4, Windows Millennium Edition, Windows 98

The .NET Framework and .NET Compact Framework do not support all versions of every platform. For a list of the supported versions, see .NET Framework System Requirements.

.NET Framework

Supported in: 3.5, 3.0, 2.0