ASP.NET 2.0 Security - Guidance needed

Discussion in 'ASP .Net Security' started by Prem Kumar, Sep 16, 2006.

  1. Prem Kumar

    Prem Kumar Guest

    Hi

    I am using the security model of ASP.NET 2.0, am trying to do Forms
    authentication in my application. I am creating the roles and the users
    necessary for the application using the in-built provider model.

    Now the question is

    1. how to design my application, to make sure that certain pages can only be
    accessed by people belonging to certain roles. (Ex: A user of finance group
    only can access finance related pages).

    2. Also, if the logged on user is of say finance department and if there is
    a generic home page for all the users, should i give the links of other
    departments in this page, if provided, then what needs to be displayed, when
    he tries to access the page??

    Is there any other better way of doing this, as am going to do this in an
    enterpsrised architecture. kindly let me know.


    Thanks
    Prem
     
    Prem Kumar, Sep 16, 2006
    #1
    1. Advertising

  2. "Prem Kumar" <> wrote in message
    news:...
    > Hi
    >
    > I am using the security model of ASP.NET 2.0, am trying to do Forms
    > authentication in my application. I am creating the roles and the users
    > necessary for the application using the in-built provider model.
    >
    > Now the question is
    >
    > 1. how to design my application, to make sure that certain pages can only
    > be
    > accessed by people belonging to certain roles. (Ex: A user of finance
    > group
    > only can access finance related pages).


    Least programming method:
    1. Set up roles using the MS ROle Provider
    2. Add users to proper roles
    3. Create a web.config file in the directory(ies) that restrict to certain
    roles

    You can also use the menu control and restrict what they can see in the
    menus (what they don't see, they are less likely to want). The web.sitemap
    file contains the links for the menu.

    > 2. Also, if the logged on user is of say finance department and if there
    > is
    > a generic home page for all the users, should i give the links of other
    > departments in this page, if provided, then what needs to be displayed,
    > when
    > he tries to access the page??


    You have a choice. You can add templates for different roles for open pages
    so only people with certain roles see certain bits.

    > Is there any other better way of doing this, as am going to do this in an
    > enterpsrised architecture. kindly let me know.


    I prefer using the MS stuff, where I can, as it makes my life easier.

    --
    Gregory A. Beamer
    MVP; MCP: +I, SE, SD, DBA

    *************************************************
    Think outside of the box!
    *************************************************
     
    Cowboy \(Gregory A. Beamer\), Sep 16, 2006
    #2
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. jm
    Replies:
    3
    Views:
    401
    Kevin Spencer
    Jan 21, 2004
  2. =?Utf-8?B?UGF0cmljay5PLklnZQ==?=

    -ASP.NET Security Issue and Guidance

    =?Utf-8?B?UGF0cmljay5PLklnZQ==?=, Oct 7, 2004, in forum: ASP .Net
    Replies:
    0
    Views:
    326
    =?Utf-8?B?UGF0cmljay5PLklnZQ==?=
    Oct 7, 2004
  3. bostonmegarocker

    Some guidance needed

    bostonmegarocker, Jun 30, 2003, in forum: C++
    Replies:
    2
    Views:
    397
    bostonmegarocker
    Jul 1, 2003
  4. Smith

    Security guidance needed.

    Smith, Mar 7, 2007, in forum: ASP .Net Security
    Replies:
    0
    Views:
    110
    Smith
    Mar 7, 2007
  5. Ken Fine
    Replies:
    2
    Views:
    144
    Ken Fine
    Aug 14, 2003
Loading...

Share This Page