current community

your communities

more stack exchange communities

Stack Exchange
tour help
careers 2.0
Take the 2-minute tour ×
Stack Overflow is a question and answer site for professional and enthusiast programmers. It's 100% free, no registration required.
up vote 0 down vote favorite

I created a MVC Application. I created authentication on every controller, and it works. I'm redirected to login page if I'm not the authorize user. I got no problem with authorization(sitemapnode role) for controllers.

Now, I created a ASP.NET Web Form inside my ASP.Net MVC project. I put a reportviewer on the web form. I created a View on MVC, put the asp.net web form inside the iFrame tag, and that also works. I can view the reportviewer when I call the right controller.

BUT, I can still view or access the ASP.NET Web Form (with reportviewer) if I'm not authorized by simply typing the location of the ASP.NET Web Form.

How can I apply authorization on my web forms? Similar to the authorization on MVC. If I'm not the authorized user (let's say the 'admin'), I must be redirected to Login page or I must not be able to access the web form. How do I do that?

share|improve this question
    
i think you should add some code in you web.config asp.net/web-forms/tutorials/security/roles/… –  chenZ Jan 6 at 7:14
    
ahh yes, timothyclifford answer helped –  TheMartianGuy Jan 6 at 7:55
add comment

1 Answer

up vote 1 down vote accepted

Bigger questions is why you need to mix MVC and WebForms but anyway...

MS documentation is probably going to be your biggest help:

http://www.asp.net/web-forms/tutorials/security/roles/role-based-authorization-cs

You can lock down in web.config similar to:

  <location path="YourPage.aspx">    
      <system.web>    
           <authorization>    
               <allow roles="sitemapnode" /> 
           </authorization>    
      </system.web>    
 </location>

Or at a page method level with attributes:

[PrincipalPermission(SecurityAction.Demand, Role = "sitemapnode")]
share|improve this answer
3  
ahhh because in MVC I cannot use ReportViewer, that's why I use web form for the reportviewer then use iframe tag in cshtml in MVC so I can view the reportviewer inside the iframe tag in MVC view –  TheMartianGuy Jan 6 at 7:22
add comment

Your Answer

 
discard

By posting your answer, you agree to the privacy policy and terms of service.

Not the answer you're looking for? Browse other questions tagged or ask your own question.