S
Snig
Hi all
I need to implement the following scenario in my application:
1. Roles are stored in SQL-SERVER.
2. Access Rights will be given to the roles by the administrator by the
application itself.
3. Access Rights will be given on functionality basis. e.g. some role
can Add a new record, some can search for some particular records, some
can update it etc. We have these functionality implemented by standard
buttons in pages. Let's call these as "Access Areas".
4. There are huge number of such Access Areas to be implemented in
various pages. Though they are finite (means administrator cannot
create/delete these access areas), but he can change the permission
over an Aceess Area to a role.
Solutions I thought:
1. I can, of course, write few lines in individual pages, read the
settings from database and apply. But I want to do this centrally, like
in application_authorizerequest event of global.asax file.
2. I can create custom/user controls for each of the Access Areas and
implement security model onto that. But, we have developed the
application too far before the customer has made this request.
In this scenario, can somebody help me about how should I design the
security model?
Thanks
Snig.
I need to implement the following scenario in my application:
1. Roles are stored in SQL-SERVER.
2. Access Rights will be given to the roles by the administrator by the
application itself.
3. Access Rights will be given on functionality basis. e.g. some role
can Add a new record, some can search for some particular records, some
can update it etc. We have these functionality implemented by standard
buttons in pages. Let's call these as "Access Areas".
4. There are huge number of such Access Areas to be implemented in
various pages. Though they are finite (means administrator cannot
create/delete these access areas), but he can change the permission
over an Aceess Area to a role.
Solutions I thought:
1. I can, of course, write few lines in individual pages, read the
settings from database and apply. But I want to do this centrally, like
in application_authorizerequest event of global.asax file.
2. I can create custom/user controls for each of the Access Areas and
implement security model onto that. But, we have developed the
application too far before the customer has made this request.
In this scenario, can somebody help me about how should I design the
security model?
Thanks
Snig.