Home | Contact Us | FAQ | Search & Site Map | Link to Us
Sign In | Join | Other 45 Sites in Network
HomeAnnouncementsFree MagazinesWhite PapersSubmit Content
Discussion GroupsASP.NETWindows FormsLanguages.NET FrameworkVisual Studio.NET
Articles.NET FrameworkASP.NETToolsWindows Forms
.NET DirectoryOpen Source ProjectsUser GroupsWeb Resources
Related Topics
Visual Basic 6SQL ServerMS AccessOther DB ProductsMS Server ProductsMore Topics ...
.NET Forum / ASP.NET / General / August 2007

Tip: Looking for answers? Try searching our database.

Need advice on handling security

Thread view: 
Enable EMail Alerts  Start New Thread
Thread rating: 
Bill Gower - 04 Aug 2007 06:46 GMT
I am validating the users of my web app against a user database in SQL
Server.  I then store the user object in a session variable and pass it
around to the various forms.  I have a field in the user object called Role
that either holds the value "BusinessAgent" or "Administrator".  The role
type determines what forms the user can access and certain privileges in
forms.  I have menus on a master page but I don't want to hide menu items
depending on the role type.  I would like to in the page load of each form,
look at the role type and determine whether they have permission to the form
otherwise alert them to the fact that the form is for administrators only.
What is the best way to do this?

Bill
Reply to this Message
Alexey Smirnov - 04 Aug 2007 09:14 GMT
> I am validating the users of my web app against a user database in SQL
> Server.  I then store the user object in a session variable and pass it
[quoted text clipped - 6 lines]
> otherwise alert them to the fact that the form is for administrators only.
> What is the best way to do this?

Hi Bill

you can check it in the code-behind

If Not User.IsInRole("Administrator") Then
Response.Write("Only administrators can see this form")
End If

you can set permissions in web.config

<location path="admin.aspx">
       <system.web>
           <authorization>
               <allow roles="Administrator" />
               <deny users="*" />
           </authorization>
       </system.web>
   </location>

Hope this helps
Reply to this Message
Alexey Smirnov - 04 Aug 2007 09:22 GMT
> > I am validating the users of my web app against a user database in SQL
> > Server.  I then store the user object in a session variable and pass it
[quoted text clipped - 27 lines]
>
> Hope this helps

P.S. I assume that you created a FormsAuthenticationTicket with roles
and assigned it the user
Reply to this Message

 Rate this thread:







Free Magazines

Get these publications absolutely FREE for up to 12 months. There are no hidden fees and no obligation. Simply choose a title, complete the application form and submit it. Read more ...

Oracle MagazineNetwork ComputingComputer WorldBio-IT WorldeWeekInformation WeekInfosecurity
 
Sign In
Join
My Latest Posts
My Monitored Threads
My Blog
My Photo Gallery
My Profile
My Homepage
Start New Thread
Enable EMail Alerts
Rate this Thread



©2008 Advenet LLC   Privacy Policy - Terms of Use
This website includes both content owned or controlled by Advenet as well as content owned or controlled by third parties.