ASP.NET File Manager - Control Role-Based Security Access With Rules (available now in v2011 vol 1)

ASP.NET Team Blog
09 June 2011

Check out the 'ASP.NET File Manager Access Control' video below which shows how you can control security access for the DevExpress ASP.NET File Manager in the DXperience v2011 volume 1 release:

Video: ASP.NET File Manager Security Access Rules

Watch the video to learn how the new 'Access Control' feature helps you manage the ASPxFileManager's security using rules and role based permissions.

Rules, Roles & Permissions

The ASPxFileManager lets you define access permissions for folders and files through a set of folder/file access rules in the SettingsPermissions.AccessRules collection. You can also define Roles to further extend the security access of the ASPxFileManager!

The ASPxFileManager.SettingsPermissions.AccessRules property is a collection of rules. There are two types of rules:

  1. Folder rules via FileManagerFolderAccessRule object
  2. File rules via FileManagerFileAccessRule object 

An access rule specifies the path it applies to and lists the permissions (allowed or denied) associated with the rule. A rule with a higher index in the AccessRules collection has a higher priority. Every rule contains this set of properties:

  • string Path; // the folder or file path that the rule will apply to. (e.g.: Folder1\SubFolder2). You can use the wildcard '*' symbol to denote 'all files' (e.g. Folder3\*.xml)
  • string Role; // allows you to filter rules by a user role (if Role is empty, then the rule will apply to all users)

Roles are applied as a single string using the ASPxFileManager.SettingsPermissions.Role property.

A folder access rule contains this set of permission properties:

  • Rights Browse; // is a permission to view the folder
  • Rights Edit; // is a permission to edit the folder and the folder's content
  • Rights EditContents; // is a permission to edit the folder's content
  • Rights Upload; // is a permission to upload files to the folder

A file access rule contains the following set of permission properties:

  • Rights Browse; // is a permission to view files
  • Rights Edit; // is a permission to edit files
  • Rights Download; // is a permission to download files

Rights is the enum type: Rights { Allow, Deny, Default }

Examples

Take a look at the ASPX markup code below to learn various access control scenarios:

1. Two file rules 'Deny' editing of any file except those with a JPG file extension:

<dx:ASPxFileManager ID="ASPxFileManager1" runat="server">
   <SettingsEditing AllowCreate="true" AllowDelete="true" AllowMove="true" AllowRename="true" />
   <SettingsPermissions>
      <AccessRules>
         <dx:FileManagerFileAccessRule Edit="Deny" Path="*" />
         <dx:FileManagerFileAccessRule Edit="Allow" Path="*.jpg" />
      </AccessRules>
   </SettingsPermissions>
</dx:ASPxFileManager>

2. One folder rule to 'Deny' the browse action of the 'Admin' folder:

<dx:ASPxFileManager ID="ASPxFileManager1" runat="server">
   <SettingsPermissions>
      <AccessRules>
         <dx:FileManagerFolderAccessRule Browse="Deny" Path="Admin" />
      </AccessRules>
   </SettingsPermissions>
</dx:ASPxFileManager>

3. One folder rule to 'Deny' the Edit action of the ReadOnly folder:

<dx:ASPxFileManager ID="ASPxFileManager1" runat="server">
   <SettingsEditing AllowCreate="true" AllowDelete="true" AllowMove="true" AllowRename="true" />
   <SettingsPermissions>
      <AccessRules>
         <dx:FileManagerFolderAccessRule Edit="Deny" Path="ReadOnly" />
      </AccessRules>
   </SettingsPermissions>
</dx:ASPxFileManager>

4. Two folder rules to 'Deny' the upload action for all folders except the UploadFolder folder:

<dx:ASPxFileManager ID="ASPxFileManager1" runat="server">
   <SettingsPermissions>
      <AccessRules>
         <dx:FileManagerFolderAccessRule Upload="Deny" Path="" />
         <dx:FileManagerFolderAccessRule Upload="Allow" Path="UploadFolder" />
      </AccessRules>
   </SettingsPermissions>
</dx:ASPxFileManager>

5. In this sample, only the 'Admin' role is allowed to edit files. All non-admin users are set to 'Deny' the edit action:

Default.aspx:

<dx:ASPxFileManager ID="ASPxFileManager1" runat="server">
   <SettingsPermissions>
      <AccessRules>
         <dx:FileManagerFolderAccessRule Edit="Deny" Path="" />
         <dx:FileManagerFolderAccessRule Edit="Allow" Path="" Role="Admin" />
      </AccessRules>
   </SettingsPermissions>
</dx:ASPxFileManager>

Default.aspx.cs:

// Page.User is an IPrincipal, so the role is resolved on the server with IsInRole.
ASPxFileManager1.SettingsPermissions.Role = User.IsInRole("Admin") ? "Admin" : string.Empty;
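
As an added illustration (not DevExpress code and not from the original post), this Python sketch models the resolution order described above: rules are checked in collection order and a later matching rule overrides an earlier one. FileRule, effective and writable are hypothetical names, the sample paths are constructed, and the Allow fallback, exact role comparison and path normalisation are assumptions of the model.

```python
from dataclasses import dataclass, field
from fnmatch import fnmatchcase

@dataclass
class FileRule:
    """Simplified stand-in for one file access rule (not a DevExpress type)."""
    path: str                                   # pattern; '*' is the wildcard
    perms: dict = field(default_factory=dict)   # e.g. {"Edit": "Deny"}; absent = Default
    role: str = ""                              # empty = applies to all users

def _norm(path):
    # Assumption: separators and case are normalised before matching.
    return path.replace("\\", "/").strip("/").lower()

def effective(rules, target, permission, role="", fallback="Allow"):
    """Resolve one permission for one file; a later matching rule overrides an earlier one.

    fallback is what applies when no rule decides; "Allow" is an assumption here.
    """
    result = fallback
    for rule in rules:                          # ascending index = ascending priority
        if rule.role and rule.role != role:
            continue                            # rule is filtered to another role
        if not fnmatchcase(_norm(target), _norm(rule.path)):
            continue
        value = rule.perms.get(permission, "Default")
        if value != "Default":                  # Default leaves the decision untouched
            result = value
    return result

def writable(rules, files, role=""):
    """Audit helper: which of the given files may this role edit?"""
    return [f for f in files if effective(rules, f, "Edit", role) == "Allow"]

# Constructed rule sets mirroring examples 1 and 5 above (5 recast as file rules).
EXAMPLE_1 = [FileRule("*", {"Edit": "Deny"}), FileRule("*.jpg", {"Edit": "Allow"})]
REVERSED_1 = list(reversed(EXAMPLE_1))          # same rules, wrong order
ADMIN_ONLY = [FileRule("*", {"Edit": "Deny"}),
              FileRule("*", {"Edit": "Allow"}, role="Admin")]
FILES = ["web.config", r"Photos\cat.jpg", r"Admin\users.xml"]   # constructed paths

if __name__ == "__main__":
    print("example 1:", writable(EXAMPLE_1, FILES))
    print("reversed :", writable(REVERSED_1, FILES))
    print("anonymous:", writable(ADMIN_ONLY, FILES))
    print("admin    :", writable(ADMIN_ONLY, FILES, role="Admin"))
```

Reversing example 1 leaves no file editable, because the catch-all Deny then sits at the higher index and overrides the JPG exception.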

Summary

You can easily set up access rules for folders (including their files and child folders) and individual files using the ASPxFileManager's Rules, Roles and Permissions settings.

Are you excited about the new access control feature of the ASPxFileManager? Drop me a line below with your thoughts, thanks!
