January 29, 2014

Dynamically add UserControls/WebPart based on User Role

I am building a "dashboard" and want to dynamically load different catalogs based on user roles. I searched quite lot to figure out how to dynamically / programmatically add a DeclarativeCatalogPart to a CatalogZone. But couldn't find out perfect solution. The issues I faced are listed below.
1. The CatalogZone control can only contain CatalogPart controls, so you can't dynamically load controls into this section.
2. Tried to use WebPartsListUserControlPath property, by loading usercontrols programatically based on user role. Eventhough it doesn't throw any error, controls are not properly rendered in run time.

I tried some other things too (except building a "Custom CatalogPart"), but none worked. So I dropped the idea of avoiding hard-coded catalog and solved the issue in the below manner. In this case authorization is not completely database driven, still...

The below approach allows you to set permissions to Web Parts based on user roles. If a user does not have a matching Role the Web Part will not be Visible in the Declarative Catalog. One added advantage of this approch is, if the user is later removed from the role, the Web Parts will disappear from the page.

1. Add event OnAuthorizeWebPart to the WebPartManager
 <asp:WebPartManager ID="WPM" runat="server" OnAuthorizeWebPart="AuthorizeWebParts" Personalization-Enabled="true">

2. Add an AuthorizationFilter tag containing all of the roles that can access that particular control separated by a semi-colon. 
                <asp:CatalogZone ID="cntrlCatalog" HeaderText="Add Charts" runat="server">
                        <asp:DeclarativeCatalogPart ID="declCatalogPart"
                                <asp:Calendar ID="Calendar1" AuthorizationFilter="Administrator; Teacher; Student" title="Calendar" runat="server" />
                                <uc1:intakeNationality runat="server" AuthorizationFilter="Administrator;" Title="Nationality" ID="intakeNationality" />
                                <uc1:searchTest runat="server" AuthorizationFilter="Student;" Title="Search" ID="searchTest" />
3. Add the following AuthorizeWebParts function in the Web Page code file.
    protected void AuthorizeWebParts(object sender, WebPartAuthorizationEventArgs e)
        if (String.IsNullOrEmpty(e.AuthorizationFilter)) return;
        string[] rolesArray = e.AuthorizationFilter.Split(new Char[] { ';' });
        e.IsAuthorized = false;
        foreach (string roleStr in rolesArray)
            if (User.Roles.IsInRole(roleStr)) // Check Current User Role
                e.IsAuthorized = true;
This will work and It is simple. But it will be better if we will be able to set the roles dynamically to each control instead of hard coding it in the page. I will work on it and let you know update sometime later

Also listed below some links about Custom CatalogPart which may be helpful for you to solve this problem in a more efficient manner.