ASP.NET 2.0 Security - Guidance needed

Prem Kumar · Sep 16, 2006

Hi

I am using the security model of ASP.NET 2.0, am trying to do Forms
authentication in my application. I am creating the roles and the users
necessary for the application using the in-built provider model.

Now the question is

1. how to design my application, to make sure that certain pages can only be
accessed by people belonging to certain roles. (Ex: A user of finance group
only can access finance related pages).

2. Also, if the logged on user is of say finance department and if there is
a generic home page for all the users, should i give the links of other
departments in this page, if provided, then what needs to be displayed, when
he tries to access the page??

Is there any other better way of doing this, as am going to do this in an
enterpsrised architecture. kindly let me know.

Thanks
Prem

Cowboy \(Gregory A. Beamer\) · Sep 16, 2006

Prem Kumar said:
Hi

I am using the security model of ASP.NET 2.0, am trying to do Forms
authentication in my application. I am creating the roles and the users
necessary for the application using the in-built provider model.

Now the question is

1. how to design my application, to make sure that certain pages can only
be
accessed by people belonging to certain roles. (Ex: A user of finance
group
only can access finance related pages).

Least programming method:
1. Set up roles using the MS ROle Provider
2. Add users to proper roles
3. Create a web.config file in the directory(ies) that restrict to certain
roles

You can also use the menu control and restrict what they can see in the
menus (what they don't see, they are less likely to want). The web.sitemap
file contains the links for the menu.

2. Also, if the logged on user is of say finance department and if there
is
a generic home page for all the users, should i give the links of other
departments in this page, if provided, then what needs to be displayed,
when
he tries to access the page??

You have a choice. You can add templates for different roles for open pages
so only people with certain roles see certain bits.

Is there any other better way of doing this, as am going to do this in an
enterpsrised architecture. kindly let me know.

I prefer using the MS stuff, where I can, as it makes my life easier.

--
Gregory A. Beamer
MVP; MCP: +I, SE, SD, DBA

*************************************************
Think outside of the box!
*************************************************

Security guidance needed.	0	Mar 7, 2007
asp.net 2.0 security question	3	Dec 20, 2007
ASP.NET 2.0 with UNC share - security restriction & impersonation	0	Jun 8, 2007
menu bar and banner responsive issues....any guidance is appreciated!	0	Apr 5, 2016
Need Basic ASP.NET Guidance	0	May 11, 2009
I need help in understanding these files on my phone, Could someone help me understand these files? Urgent help needed. Please help.	1	Jun 4, 2023
Security Using Access with asp.net	2	Oct 12, 2008
Security Problems in ASP.NET 2.0	0	Jul 25, 2005

ASP.NET 2.0 Security - Guidance needed

Prem Kumar

Cowboy \(Gregory A. Beamer\)

Ask a Question

Similar Threads

Members online

Forum statistics

Latest Threads