WebPartManager.IsAuthorized Method (Type, String, String, Boolean)
Assembly: System.Web (in system.web.dll)
public: virtual bool IsAuthorized ( Type^ type, String^ path, String^ authorizationFilter, bool isShared )
public boolean IsAuthorized ( Type type, String path, String authorizationFilter, boolean isShared )
public function IsAuthorized ( type : Type, path : String, authorizationFilter : String, isShared : boolean ) : boolean
Parameters
- type
The Type of the control being checked for authorization.
- path
The relative application path to the source file for the control being authorized, if the control is a user control.
- authorizationFilter
An arbitrary string value assigned to the AuthorizationFilter property of a WebPart control, used to authorize whether a control can be added to a page.
- isShared
Indicates whether the control being checked for authorization is a shared control, meaning that it is visible to many or all users of the application, and its IsShared property value is set to true.
Return Value
A Boolean value that indicates whether a control is authorized to be added to a page.The IsAuthorized(Type,String,String,Boolean) overload method carries out the final steps in determining whether a control is authorized to be added to a page. The method ensures that type is a valid type, and that path has a value only if the control being checked is a user control. Then it calls the critical OnAuthorizeWebPart method, which raises the AuthorizeWebPart event.
Notes to Inheritors This method can be overridden by inheriting from the WebPartManager class, if you want to provide additional handling when checking authorization. You might want to override the method to check for certain values in the authorizationFilter parameter, and based on the value, return a Boolean value that determines whether the control will be added to a page. For page developers who also want to check for authorization filters and provide custom handling, there is an option for doing this inline in an .aspx page, or in a code-behind file, without having to inherit from any classes. You can declare an alternate event handler in the page for the OnAuthorizeWebPart method of the WebPartManager control. For more details and an example, see the OnAuthorizeWebPart method.The following code example demonstrates how to override the IsAuthorized method to determine whether a control is authorized to be added to a page.
The first step is to create a filter that can potentially exclude a control. The following Web page contains three ASP.NET server controls in an <asp:webpartzone> element. Notice that the first and second controls have their AuthorizationFilter properties set to different values, and the third does not assign the property. This authorization value can be checked at run time, and the control can be added to the page if the filter matches criteria set by the developer.
The second step is to override the IsAuthorized(Type,String,String,Boolean) method, and create custom handling for authorization filters. Note that the code first checks whether the property has a value, so that any control that does not assign the AuthorizationFilter property will be added automatically. If a control has a filter, the code returns true only if the filter value is equal to admin. This demonstrates a simple mechanism you can use for displaying certain controls to certain users, depending on their role. While a full example using roles is beyond the scope of this topic, you could use the same logic as the overridden method in this code example, except that you could check whether the current user is in a role that matches the authorization filter value, and then add the control only for that user. This would enable you to create pages where some users would see all the controls, and other users would see only selected controls. This is how the logic that checks the filter might look if you used roles:
[Visual Basic]
If Roles.IsUserInRole(Page.User.Identity.Name, authorizationFilter) Then return True Else return False End If
[C#]
if(Roles.IsUserInRole(Page.User.Identity.Name, authorizationFilter))
return true;
else
return false;
For the code example to run, you must compile this source code. You can compile it explicitly and put the resulting assembly in your Web site's Bin folder or the global assembly cache. Alternatively, you can put the source code in your site's App_Code folder, where it will be dynamically compiled at run time. This code example uses the dynamic compile method. For a walkthrough that demonstrates how to compile, see Walkthrough: Developing and Using a Custom Server Control.
After you load the page in a browser, note that the first control is displayed, because it matches the criteria in the overridden method. The second control is not added to the page, because its filter value is excluded. The third control is added, because it does not have its AuthorizationFilter property set. If you change the property value on the second control to match that of the first control, and then run the page again, the second control is added as well.
Windows 98, Windows 2000 SP4, Windows Millennium Edition, Windows Server 2003, Windows XP Media Center Edition, Windows XP Professional x64 Edition, Windows XP SP2, Windows XP Starter Edition
The .NET Framework does not support all versions of every platform. For a list of the supported versions, see System Requirements.