I am writing an application whereI would like to implement security using access to the menu items. I have built a couple of tables on my database to store the security configuration information. When the program loads, it queries the database and gets the users ID from the database. It then queries the security tables to get a list of the menu items that the user should have access to. The resulting dataset is a list of the names of the actual menu items that they should have access to. I know that I could do this using a Select Case and checking the value against all of the known menu items but I would prefer to do this programatically so that I wouldn't have to rework my code every time I adda menu item? Is there a way to tell VB.NET to treat a variablename as an actual object name? I copied and pasted some code below to give you an idea of what I am trying to do. Any advice would be appreciated.
sSQL = "SELECT M.Name FROM Menu M, EmployeeMenu EM WHERE(M.ID = EM.MenuID) AND EM.EmployeeID = " + CStr(iUserID)
Dim myCommand2 As New OleDbCommand(sSQL, myConnection)
Dim myReader2 As OleDbDataReader = myCommand2.ExecuteReader()
Try
While myReader2.Read()
'This is where themenu.visible property would be set toTRUE using the name of the menu item located in myReader2.GetString(0)
End While
Catch ex As Exception
Console.WriteLine("ERROR: " + ex.Message)
End Try
John | | Johngeh Tuesday, June 17, 2008 10:12 PM | Hi John, Try this code, it will compare the name of each ToolstripButton in your ToolstripMenu (tsMain) | 1 | ForEachcAsObjectIntsMain.Items | | 2 | IfTypeOf(c)IsToolStripButtonThen | | 3 | WithCType(c,ToolStripButton) | | 4 | If.Name=myReader2.GetString(0)Then | | 5 | .Enabled=True | | 6 | EndIf | | 7 | EndWith | | 8 | | | 9 | EndIf | | 10 | Next |
Ralf - Marked As Answer byRiquel_DongModeratorTuesday, June 24, 2008 3:36 AM
-
| | Ralf de Kleine XCESS Wednesday, June 18, 2008 8:35 AM | Hi, John As I understand, you want to show the menu items according to the user permissions. If you store the name of the menu item in the database, you can access the corresponding menu item from the item collection using the name directly without looping, e.g. While myReader2.Read() Me.MenuStrip.Items(myReader2.GetString(0)).Enable = true End While However, f or providing user authorization and user access checks for the application, Iwould recommendthe Role-based security model, as it ismore flexible, elegantand extensible, it's better than the User-based security model. The Comon LanguageRuntime(CLR) provides goodsupport for the Role-basedsecurity model based on a Windows account or a custom identity.
In the Role-based security model, auser belonging to a particular role can access code, software and resources for which permissions are granted for the role.This model requires the user to be authenticated, once a user is authenticated, we can generate a security principal represent this user's identity, and use this principal to determine the privileges of the user.
For more information about Role-based dsecurity model, you can read these documents:
Role-Based Security in Windows Apps http://www32.brinkster.com/srisamp/netArticles/article_13.htmRole-based Security http://msdn.microsoft.com/en-us/library/52kd59t0.aspxDesigning Role-Based Security Models for .NET http://www.15seconds.com/issue/041208.htmIf you need more information about this, please let me know. Best Regards Zhi-Xin Ye
Please remember to mark the replies as answers if they help and unmark them if they provide no help. - Marked As Answer byRiquel_DongModeratorTuesday, June 24, 2008 3:36 AM
-
| | Zhi-Xin Ye Thursday, June 19, 2008 9:44 AM | Hi John, Try this code, it will compare the name of each ToolstripButton in your ToolstripMenu (tsMain) | 1 | ForEachcAsObjectIntsMain.Items | | 2 | IfTypeOf(c)IsToolStripButtonThen | | 3 | WithCType(c,ToolStripButton) | | 4 | If.Name=myReader2.GetString(0)Then | | 5 | .Enabled=True | | 6 | EndIf | | 7 | EndWith | | 8 | | | 9 | EndIf | | 10 | Next |
Ralf - Marked As Answer byRiquel_DongModeratorTuesday, June 24, 2008 3:36 AM
-
| | Ralf de Kleine XCESS Wednesday, June 18, 2008 8:35 AM | Hi, John As I understand, you want to show the menu items according to the user permissions. If you store the name of the menu item in the database, you can access the corresponding menu item from the item collection using the name directly without looping, e.g. While myReader2.Read() Me.MenuStrip.Items(myReader2.GetString(0)).Enable = true End While However, f or providing user authorization and user access checks for the application, Iwould recommendthe Role-based security model, as it ismore flexible, elegantand extensible, it's better than the User-based security model. The Comon LanguageRuntime(CLR) provides goodsupport for the Role-basedsecurity model based on a Windows account or a custom identity.
In the Role-based security model, auser belonging to a particular role can access code, software and resources for which permissions are granted for the role.This model requires the user to be authenticated, once a user is authenticated, we can generate a security principal represent this user's identity, and use this principal to determine the privileges of the user.
For more information about Role-based dsecurity model, you can read these documents:
Role-Based Security in Windows Apps http://www32.brinkster.com/srisamp/netArticles/article_13.htmRole-based Security http://msdn.microsoft.com/en-us/library/52kd59t0.aspxDesigning Role-Based Security Models for .NET http://www.15seconds.com/issue/041208.htmIf you need more information about this, please let me know. Best Regards Zhi-Xin Ye
Please remember to mark the replies as answers if they help and unmark them if they provide no help. - Marked As Answer byRiquel_DongModeratorTuesday, June 24, 2008 3:36 AM
-
| | Zhi-Xin Ye Thursday, June 19, 2008 9:44 AM | Hi Ralf and Zhi-Xin,
Thank you for taking the time to reply. Both of you had some good suggestions that I implemented to make this work. When I initially implemented this code, it only showed the top most menu level so I had to us a recursion routine that I found to get it to work. The code shown below does exactly what I need.
Zhi-Xin - thanks for your suggestion on the role based security. The articles that you provided links to were very helpful. It took me a while to figure how exactly how IsInRole worked but I have it working now.
Thanks again.
John
| ForEachtAsToolStripItemInMenuStrip.Items |
| GetSubMenus(t,menus) |
| Next |
|
| 'setallmenuitemsvisiblepropertytofalse |
| ForEachtAsToolStripItemInmenus |
| t.Visible=False |
| Next |
|
| sSQL={getlistofmenusthatuserhasaccessto} |
|
| DimmyConnectionAsNewOleDbConnection(sConnString) |
| DimmyCommandAsNewOleDbCommand(sSQL,myConnection) |
| myConnection.Open() |
| DimmyReaderAsOleDbDataReader=myCommand.ExecuteReader() |
|
| Try |
| WhilemyReader.Read() |
| ForEachtAsToolStripItemInmenus |
| Ift.Name=myReader.GetString(0)Then |
| t.Visible=True |
| EndIf |
| Next |
| EndWhile |
|
| myReader.Close() |
| |
| CatchexAsException |
| Debug.WriteLine("ERROR:"+ex.Message) |
|
| EndTry |
|
|
| PublicSubGetSubMenus(ByValCurrentAsToolStripItem,ByRefmenusAsList(OfToolStripItem)) |
|
| Menus.Add(Current) |
| IfTypeOf(Current)IsToolStripMenuItemThen |
| ForEachmenuAsToolStripItemInDirectCast(Current,ToolStripMenuItem).DropDownItems |
| GetSubMenus(menu,menus) |
| Next |
| EndIf |
| EndSub |
John | | Johngeh Tuesday, June 24, 2008 12:04 AM |
|
