ASP.NET security control

Discussion in 'ASP .Net' started by PK, Jul 31, 2003.

  1. PK

    PK Guest

    Hi All,

    I will be writing an asp.net application which require users to log on
    before they can view the particular information.
    so here the security control is needed and a must for different user who
    have various access level.

    I am wondering what is the best way or a more reliable way to control the
    user ?
    my backend using SQL server.

    thank you.
    PK, Jul 31, 2003
    #1
    1. Advertising

  2. I have a three objects that assist my team in doing exactly that.

    I have a SecurityProvider, Page, SecurityHandler.

    The SecurityHandler is an abstract class that holds IsSecurityValid,
    CanViewPage, RedirectOnFailure, BuildSecurity. The class derived for each
    application must implement these methods.

    When my Page object is loading, it looks through the SecurityProvider
    (mostly static methods) to see if a SecurityHandler was initialized for the
    project (on application start), if it was, it will call IsSecurityValid (if
    failure, call BuildSecurity, if failure call RedirectOnFailure), if the
    security information is valid, it will call CanViewPage, passing the current
    page name for the current request. ( if failure, it calls redirect on
    failure ).

    Now the SecurityHandler stores a table of pagename, security, and special
    permissions that the page object exposes through its Security property (if
    the handler was initialized otherwise an exception is thrown). The page
    developers can also request special permission for pages ( such as can this
    user view change infromation on the page.) The Security property also
    stores (as defined in the BuildSecurity method) data on the specific
    session, such as name, group, role, etc.. that can be easily accessed at the
    page level.

    The security for all our apps are driven by Sql and loaded once during page
    information.

    HTH,

    bill

    "PK" <> wrote in message
    news:#...
    > Hi All,
    >
    > I will be writing an asp.net application which require users to log on
    > before they can view the particular information.
    > so here the security control is needed and a must for different user who
    > have various access level.
    >
    > I am wondering what is the best way or a more reliable way to control the
    > user ?
    > my backend using SQL server.
    >
    > thank you.
    >
    >
    William F. Robertson, Jr., Jul 31, 2003
    #2
    1. Advertising

  3. PK

    PK Guest

    Could you send some sample application for me ?


    "William F. Robertson, Jr." <> wrote in message
    news:u$...
    > I have a three objects that assist my team in doing exactly that.
    >
    > I have a SecurityProvider, Page, SecurityHandler.
    >
    > The SecurityHandler is an abstract class that holds IsSecurityValid,
    > CanViewPage, RedirectOnFailure, BuildSecurity. The class derived for each
    > application must implement these methods.
    >
    > When my Page object is loading, it looks through the SecurityProvider
    > (mostly static methods) to see if a SecurityHandler was initialized for

    the
    > project (on application start), if it was, it will call IsSecurityValid

    (if
    > failure, call BuildSecurity, if failure call RedirectOnFailure), if the
    > security information is valid, it will call CanViewPage, passing the

    current
    > page name for the current request. ( if failure, it calls redirect on
    > failure ).
    >
    > Now the SecurityHandler stores a table of pagename, security, and special
    > permissions that the page object exposes through its Security property (if
    > the handler was initialized otherwise an exception is thrown). The page
    > developers can also request special permission for pages ( such as can

    this
    > user view change infromation on the page.) The Security property also
    > stores (as defined in the BuildSecurity method) data on the specific
    > session, such as name, group, role, etc.. that can be easily accessed at

    the
    > page level.
    >
    > The security for all our apps are driven by Sql and loaded once during

    page
    > information.
    >
    > HTH,
    >
    > bill
    >
    > "PK" <> wrote in message
    > news:#...
    > > Hi All,
    > >
    > > I will be writing an asp.net application which require users to log on
    > > before they can view the particular information.
    > > so here the security control is needed and a must for different user who
    > > have various access level.
    > >
    > > I am wondering what is the best way or a more reliable way to control

    the
    > > user ?
    > > my backend using SQL server.
    > >
    > > thank you.
    > >
    > >

    >
    >
    PK, Aug 1, 2003
    #3
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Patrick
    Replies:
    2
    Views:
    640
    Steven Cheng[MSFT]
    Oct 1, 2004
  2. Dinis Cruz

    Asp.Net Security Analyser (new security tool by DDPlus)

    Dinis Cruz, Oct 8, 2003, in forum: ASP .Net Security
    Replies:
    2
    Views:
    127
    Dinis Cruz
    Oct 11, 2003
  3. Dinis Cruz
    Replies:
    1
    Views:
    113
    Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP]
    Oct 17, 2003
  4. Michael Randrup
    Replies:
    3
    Views:
    284
    Henning Krause [MVP]
    Mar 27, 2006
  5. Kursat
    Replies:
    1
    Views:
    299
    Dominick Baier
    May 7, 2007
Loading...

Share This Page