Page level security with attributes - bad idea?

Author
30 Dec 2005 10:15 PM
Nathan
I've spent a good part of the afternoon searching Google and the newsgroups
for some sort of answer - so I apologize if I'm asking something that has
already been asked and answered.

I'm using ASP.Net 1.1 (unfortunately 2.0 isn't an option right now) and I'm
working on the design of a security framework for other developers in our
organization to use.

We have a handful of different types of users that are contained in an enum
called UserTypes.  I'm trying to find a way to specify at a page level what
types of users can view a given page - basically to prevent someone from
authenticating and then typing a url to a place they shouldn't be.

The thought I had today was that it would be really cool if I could define a
custom attribute that used our UserTypes enum to let developers easily tag
each page with the allowed user types.  I thought that I could then write
"something" (HTTP Handler, Module, etc) to pull the user out of the Context,
interrogate the page being requested for its attribute and then send the
user to their home page if the request is invalid.

The problem I'm having is figuring out how to write that "something" - a
Module doesn't seem like it's going to work because it sits in the stream
before the handler for Page is even created.  I'm thinking a module might
work, but I'm not sure how to pull that off, and, I'm not sure that I want
to load the page twice.

So... if anyone can give me a nudge in the right direction, I would really
appreciate it.  Or - if someone has a better idea on how to accomplish what
I'm trying to do, that would be cool too.  Is this a bad idea?

Thanks in advance,

Nathan

Author
1 Jan 2006 2:23 PM
Scott Allen
Nathan:

You can create a module that hooks the PreRequestExecuteHandler. The
runtime will have created the Page by this point.
http://odetocode.com/Blogs/scott/archive/2005/12/09/2604.aspx

Have you looked at the built-in PrincipalPermissionAttribute?
--
Scott
http://www.OdeToCode.com/blogs/scott/

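A sketch of the module-plus-attribute approach discussed above, added here as an illustration and not code from either poster or from the linked blog. The `HttpApplication` event is named `PreRequestHandlerExecute`; the `UserTypes` members, `AllowedUserTypesAttribute`, `PageAuthorizationModule` and the `"UserType"` session key are assumptions.

```csharp
using System;
using System.Web;
using System.Web.UI;

// Hypothetical stand-in for the poster's UserTypes enum; [Flags] lets one tag list several types.
[Flags]
public enum UserTypes { None = 0, Customer = 1, Staff = 2, Admin = 4 }

// Hypothetical attribute placed on a page's code-behind class.
[AttributeUsage(AttributeTargets.Class, Inherited = true, AllowMultiple = false)]
public sealed class AllowedUserTypesAttribute : Attribute
{
    private readonly UserTypes allowed;
    public AllowedUserTypesAttribute(UserTypes allowed) { this.allowed = allowed; }
    public UserTypes Allowed { get { return allowed; } }
}

public class PageAuthorizationModule : IHttpModule
{
    public void Init(HttpApplication app)
    {
        // By this event the runtime has created the handler and acquired session state.
        app.PreRequestHandlerExecute += new EventHandler(OnPreRequestHandlerExecute);
    }

    public void Dispose() { }

    private void OnPreRequestHandlerExecute(object sender, EventArgs e)
    {
        HttpContext ctx = ((HttpApplication)sender).Context;
        Page page = ctx.Handler as Page;
        // Non-page handlers are skipped; anonymous requests (e.g. the login page)
        // are left to forms authentication and the <authorization> rules.
        if (page == null || !ctx.Request.IsAuthenticated) return;

        // The compiled .aspx class derives from the code-behind class, so inherit=true finds the tag.
        object[] tags = page.GetType().GetCustomAttributes(typeof(AllowedUserTypesAttribute), true);

        // Fail closed: a page nobody tagged is treated as allowing no user type.
        UserTypes allowed = UserTypes.None;
        if (tags.Length > 0) allowed = ((AllowedUserTypesAttribute)tags[0]).Allowed;

        // Assumption: the login code stored the user's type in session under "UserType".
        object stored = ctx.Session == null ? null : ctx.Session["UserType"];
        UserTypes current = (stored is UserTypes) ? (UserTypes)stored : UserTypes.None;

        // A 403 cannot loop; a redirect to the user's home page works too if that page is tagged.
        if ((allowed & current) == UserTypes.None)
            throw new HttpException(403, "Page not available to this user type.");
    }
}
```

A page opts in with a tag such as `[AllowedUserTypes(UserTypes.Staff | UserTypes.Admin)]` on its code-behind class, and the module is registered under `<httpModules>` in web.config.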
Author
3 Jan 2006 7:55 PM
Nathan
Thanks Scott -

I did check out the PrincipalPermissionAttribute - that's pretty much what
spawned my idea.  I can't use that attribute because in our scheme, the
roles are not the same as the user types.  I'll check out your link and give
that a shot.

Thanks again,

Nathan