S
Steve
We have an ASP.NET application that consists of about 10 forms and we
want to be able to control which user has access to which pages. So
User A should be able to access pages 3, 4 and 10, and User B should
be able to access pages 1, 2 and 9 etc. We also want to be able to
mantain these rules using a set of maintenance tables e.g. add pages,
groups, users and setup which groups have access to which pages.
At the moment we are going down the path of creating a set of classes
to integrate the security in to the front-end, with each page having a
call at the top of the page that passes in the page name and the
user's login name and the object will return either True or False as
to whether they can access the page or not.
The application is currently setup with Anonymous Access off and Basic
Authentication & Integrated Windows Authentication turned on, so that
we can get the users login name for database auditing purposes.
However, I've read bits and pieces on the builtin form authentication
in ASP.NET and I would like to take advantage of it if it will handle
the scenario I have described.
We don't require a user to login, aside from the standard IE
authentication login, and we want to display a custom message if they
don't have access to the particular page they are trying to access.
The most important thing is that the security must be driven by our
maintainable database tables.
Is there a feature of ASP.NET that allows us to handle this with
minimal custom code? Or maybe there's a better ASP.NET way of handling
this?
Thanks for any assistance you can give me.
Steve
want to be able to control which user has access to which pages. So
User A should be able to access pages 3, 4 and 10, and User B should
be able to access pages 1, 2 and 9 etc. We also want to be able to
mantain these rules using a set of maintenance tables e.g. add pages,
groups, users and setup which groups have access to which pages.
At the moment we are going down the path of creating a set of classes
to integrate the security in to the front-end, with each page having a
call at the top of the page that passes in the page name and the
user's login name and the object will return either True or False as
to whether they can access the page or not.
The application is currently setup with Anonymous Access off and Basic
Authentication & Integrated Windows Authentication turned on, so that
we can get the users login name for database auditing purposes.
However, I've read bits and pieces on the builtin form authentication
in ASP.NET and I would like to take advantage of it if it will handle
the scenario I have described.
We don't require a user to login, aside from the standard IE
authentication login, and we want to display a custom message if they
don't have access to the particular page they are trying to access.
The most important thing is that the security must be driven by our
maintainable database tables.
Is there a feature of ASP.NET that allows us to handle this with
minimal custom code? Or maybe there's a better ASP.NET way of handling
this?
Thanks for any assistance you can give me.
Steve