Home | Contact Us | FAQ | Search & Site Map | Link to Us
Sign In | Join | Other 45 Sites in Network
HomeAnnouncementsFree MagazinesWhite PapersSubmit Content
Discussion GroupsASP.NETWindows FormsLanguages.NET FrameworkVisual Studio.NET
Articles.NET FrameworkASP.NETToolsWindows Forms
.NET DirectoryOpen Source ProjectsUser GroupsWeb Resources
Related Topics
Visual Basic 6SQL ServerMS AccessOther DB ProductsMS Server ProductsMore Topics ...
.NET Forum / ASP.NET / General / December 2007

Tip: Looking for answers? Try searching our database.

Should I use .net's membership, role systems for authentication and     authorization?

Thread view: 
Enable EMail Alerts  Start New Thread
Thread rating: 
gnewsgroup - 11 Dec 2007 20:01 GMT
I am working on a membership web application,

The logic is like this:

  1. All logged-in users can visit Folder1, Folder2, Folder3, but
only administrators can access the Admin folder.  Desirably, the link
to Admin pages won't even be visible to regular logged-in users.
  2. For pages in Folder1, Folder2, Folder3, some pre-defined actions
(such as edit/delete) can only be done by an administrator.

I was trying to achieve logic 1 without considering 2 by creating a
web.config file underneath Admin folder, and in this web.config, I say

 <system.web>
       <authorization>
           <allow users="admin" />
           <deny users="johndoe" />
           <deny users="smithdoe" />
       </authorization>
   </system.web>

The problem is when Johndoe tries to access the admin page, he is
kicked out right to the Login page of the application.  How do I kick
him back to where he came from?  Also, it's gonna be a problem if I
have to explicitly specify the allowed and denied users.

I think it is more troublesome to implement Logic 2.

I have never done anything using the asp.net membership, role, profile
framework.  Will it greatly ease the implementation of the business
logic?  I would like to know from the experienced before I delve into
the membership, role, profile systems.  We have our own user table in
our database, which does not match the table structure of the
SqlMembership provider's user table.

Thank you very much.
Reply to this Message
Peter Bromberg [C# MVP] - 11 Dec 2007 21:16 GMT
For item 2, if you are going to "let them in" then you might consider using
something like
if( Page.User.IsInRole("Administrator") )
{
// your logic to enable / disable controls here
}

Yes, ASP.NET membership, roles and profiles can definitely speed up and
improve your application development. There's always a learning curve to get
to first base, but it's worth it.
--Peter
Site: http://www.eggheadcafe.com
UnBlog: http://petesbloggerama.blogspot.com
MetaFinder: http://www.blogmetafinder.com 

> I am working on a membership web application,
>
[quoted text clipped - 32 lines]
>
> Thank you very much.
Reply to this Message
gnewsgroup - 12 Dec 2007 13:19 GMT
On Dec 11, 4:16 pm, Peter Bromberg [C# MVP]
<pbromb...@yahoo.NoSpamMaam.com> wrote:
> For item 2, if you are going to "let them in" then you might consider using
> something like
[quoted text clipped - 11 lines]
> UnBlog:http://petesbloggerama.blogspot.com
> MetaFinder:http://www.blogmetafinder.com

Thank you very much.  Then I guess the .net membership and role is the
way to go.  Gotta look into it.
Reply to this Message

Free Magazines

Get these publications absolutely FREE for up to 12 months. There are no hidden fees and no obligation. Simply choose a title, complete the application form and submit it. Read more ...

Oracle MagazineNetwork ComputingComputer WorldBio-IT WorldeWeekInformation WeekInfosecurity
 
Sign In
Join
My Latest Posts
My Monitored Threads
My Blog
My Photo Gallery
My Profile
My Homepage
Start New Thread
Enable EMail Alerts
Rate this Thread



©2008 Advenet LLC   Privacy Policy - Terms of Use
This website includes both content owned or controlled by Advenet as well as content owned or controlled by third parties.