
Redirecting According to Role

Introduction

Iron Speed Designer’s application security is useful for small applications because it allows users and roles to be set up, so that access can be granted or denied according to the role(s) of the signed-in user.

This article demonstrates how to redirect to different landing pages depending on which role(s) the signed-in user has.

Database Schema

Figure 1 – The database schema showing the tables used in this article and the relationships between them.


Application Security

Figure 2 – The security permissions applied for the different pages.


Implementation

Iron Speed Designer makes it easy to catch and handle successful user login events and then perform specific actions depending on the signed-in user. The ISD security controls allow the signed-in user’s ID, name and roles to be retrieved and updated.

For this example, two roles have been created: Admin with an ID of 100 and User with an ID of 101. As you can see in Figure 2, the Admin role has access to all pages in the app, whereas the User role only has access to record the hours they worked.

To redirect according to the user’s role, find the RedirectOnSuccess method in the SignIn.aspx file in the Security directory and enter the following code.

C#:

        protected void RedirectOnSuccess()
        {
            if (!string.IsNullOrEmpty(this.SuccessURL))
            {
                this.Page.Response.Redirect(this.SuccessURL, false);
            }
            else
            {
                // Role IDs of the signed-in user, separated by ';'.
                string userRoles = BaseClasses.Utils.SecurityControls.GetCurrentUserRoles();
                char[] separator = { ';' };
                string[] roleTypeID = userRoles.Split(separator, System.StringSplitOptions.RemoveEmptyEntries);

                // Use the default redirect when the role list has no second entry,
                // instead of failing with an IndexOutOfRangeException.
                string roleID = roleTypeID.Length > 1 ? roleTypeID[1] : string.Empty;

                switch (roleID)
                {
                    case "100": //Admin
                        this.Page.Response.Redirect("../ProjectType/ShowProjectTypeTable.aspx");
                        break;

                    case "101": //User
                        this.Page.Response.Redirect("../HoursWorked/ShowHoursWorkedTable.aspx");
                        break;

                    default:
                        this.RedirectOnSuccess_Base();
                        break;
                }
            }
        }

Visual Basic .NET:

        Protected Sub RedirectOnSuccess()
            If Not String.IsNullOrEmpty(Me.SuccessURL) Then
                Me.Page.Response.Redirect(Me.SuccessURL, False)
            Else
                ' Role IDs of the signed-in user, separated by ';'.
                Dim userRoles As String = BaseClasses.Utils.SecurityControls.GetCurrentUserRoles()
                Dim separator As Char() = {";"c}
                Dim roleTypeID As String() = userRoles.Split(separator, System.StringSplitOptions.RemoveEmptyEntries)

                ' Use the default redirect when the role list has no second entry,
                ' instead of failing with an IndexOutOfRangeException.
                Dim roleID As String = If(roleTypeID.Length > 1, roleTypeID(1), String.Empty)

                Select Case roleID
                    Case "100"
                        'Admin
                        Me.Page.Response.Redirect("../ProjectType/ShowProjectTypeTable.aspx")
                        Exit Select

                    Case "101"
                        'User
                        Me.Page.Response.Redirect("../HoursWorked/ShowHoursWorkedTable.aspx")
                        Exit Select

                    Case Else
                        Me.RedirectOnSuccess_Base()
                        Exit Select
                End Select
            End If
        End Sub

 

When staff in the Admin role sign in, they will be redirected to the project table, whereas when staff in the User role sign in, they will be redirected to the hours worked table.


Figure 3 – The landing page for users in the Admin role.

Figure 4 – The landing page for users in the User role.


Conclusion

This article demonstrated how to redirect to different landing pages depending on which role the signed-in user has. The example can be built upon to handle a different schema in which a user-role join table allows a user to have multiple roles.
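The multi-role case mentioned above needs a rule for users who hold more than one role. The following is an added example, not code from the article or from Iron Speed Designer: the RoleLanding class and its Resolve method are hypothetical names, the ';'-separated role string is the format used in the article's code, and the choice that Admin takes precedence over User is an assumption.

```csharp
using System;
using System.Collections.Generic;

// Hypothetical helper; not part of Iron Speed Designer or the article's code.
public static class RoleLanding
{
    // Highest-priority role first. IDs and paths are the ones used in the article;
    // the ordering (Admin wins over User) is an assumption.
    private static readonly KeyValuePair<string, string>[] Precedence =
    {
        new KeyValuePair<string, string>("100", "../ProjectType/ShowProjectTypeTable.aspx"), // Admin
        new KeyValuePair<string, string>("101", "../HoursWorked/ShowHoursWorkedTable.aspx"), // User
    };

    // Returns the landing page for a ';'-separated role list, or null when no
    // listed role matches (the caller then uses its default redirect).
    public static string Resolve(string userRoles)
    {
        if (string.IsNullOrWhiteSpace(userRoles)) return null;

        // Collect the role IDs the user holds, ignoring empty entries and padding.
        var held = new HashSet<string>(StringComparer.Ordinal);
        foreach (string id in userRoles.Split(new[] { ';' }, StringSplitOptions.RemoveEmptyEntries))
            held.Add(id.Trim());

        // The first role in precedence order that the user holds decides the page.
        foreach (KeyValuePair<string, string> entry in Precedence)
            if (held.Contains(entry.Key)) return entry.Value;

        return null;
    }

    public static void Main()
    {
        // Constructed sample role strings, not output captured from ISD.
        string[] samples = { "101", "101;100", ";100;", "999", "", null };
        foreach (string s in samples)
            Console.WriteLine("[{0}] -> {1}", s ?? "null", Resolve(s) ?? "(default redirect)");
    }
}
```

In RedirectOnSuccess, the else branch would pass the result of GetCurrentUserRoles() to Resolve and call RedirectOnSuccess_Base() when it returns null. The redirect only picks a starting page from a fixed list; the page permissions shown in Figure 2 remain what grants or denies access.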

About the Author

Dean Pepper holds a First Class Degree in Computers and Networks and is an experienced developer who currently supports over half a dozen custom business applications using Iron Speed Designer, Visual Studio, SQL Server and Red Gate SQL Compare. He started programming while at secondary school and is proficient in ASP.Net, C#, VB.Net and JavaScript. In his spare time, Dean enjoys mountaineering and ten-pin bowling.
