How to hide certain button according to user's role when they are lo-gin into the webpage using ASP.NET in c#

In my web page, I have two type of users that are admin and normal users. That are certain pages are not allow for normal users, so I have to hide certain buttons to do so. So please me solve this problem. I'm using ASP.NET in c#. Thanks a lot. Urgent!!

How to hide certain button according to user's role when they are lo-gin into the webpage using ASP.NET in c#
You can either use a Panel to add the button dynamically to it or do as follows:





%26lt;% if(UserIsAdmin) { %%26gt;


%26lt;asp:button id="btnAdmin" runat="server" Text="Text" /%26gt;


%26lt;% } %%26gt;





IMPORTANT NOTE: It is very unwise to simply hide the button. Simply Hiding the button does not mean you have restricted the user from performing the action which the button does.





From my experience, it is better to secure whole pages instead of securing parts of the page IF POSSIBLE. That is to say, Design your application where some pages are fully accessed by the public whereas other pages are accessed only by Admins. This reduces complexity and enhances security a lot.





Hope this helps.
Reply:The key is to use membership and role manager API's, a new feature of asp .net 2.0.





You would create two roles, regular user and admin.If you want to show/hide a button, you can do this:





%26lt;asp:button ID="btn1" runat="server" Text=%26lt;%# User.IsInRole("Administrators") %%26gt; /%26gt;


%26lt;/td%26gt;





Even better would be to use a SiteMap and apply role-based security to the vanigation. Privileged users would see special menu choices conncted to special pages.





There is not enough room here to show all the details. If you have the (free) .NET SDK 2.0 installed, build the quickstart samples and look under asp .net for the topics mentioned here.





It takes an hour to figure out and get familiar, but once you have done that, you can set up navigation, roles, and membership with minimal programming. Very cool indeed.





Don't bother with old ASP - everything takes more work and is more complicated.
Reply:You can do this in C# by doing this (note that you have to setup the roles in the ASP.NET configuration tool):





MembershipUser user = Membership.GetUser();





/*you have to set roles in ASP.NET configuration tool*/


if (user.Role = "restrictedRole")


{


button1.visible = false;


//or whatever restrictions you want to impose on users. =)


}








hope that helps.


http://yummysiliconchips.blogspot.com/
Reply:Assign users by levels, 1-10. This will give you more control in the future for various other tidbits you'll add later. In database system application development we assign users levels to each table based on Admin distributed rights to any given user....





Sherry=1


Bob=2





if (user) = 1 button1.visable=false





etc...





This way you can change users LEVELS without changing code. Create a field in your user table as Level. That would be basic. You could also create a whole new table called "LEVELS" and link it to the userID. This way you can assign users different levels for different pages... We could go father into this but at $250 an hour I probably gave you enough info.
Reply:just store their permissions in a session variable.





Session theVariableName = "Admin or User";





Then in your aspx page put some code in when you display the buttons.





%26lt;%if Session("theVariableName") = "Admin" Then%%26gt;


%26lt;asp:button id="adminButton"/%26gt;


%26lt;%end if%%26gt;





I am rusty on my C# since I have switched to java but I hope you get the picture.