Customizable Role-based Authorization

Snig

Hi all

I need to implement the following scenario in my application:
1. Roles are stored in SQL-SERVER.
2. Access Rights will be given to the roles by the administrator by the
application itself.
3. Access Rights will be given on functionality basis. e.g. some role
can Add a new record, some can search for some particular records, some
can update it etc. We have these functionality implemented by standard
buttons in pages. Let's call these as "Access Areas".
4. There are a huge number of such Access Areas to be implemented in
various pages. Though they are finite (means administrator cannot
create/delete these access areas), but he can change the permission
over an Access Area to a role.

Solutions I thought:
1. I can, of course, write a few lines in individual pages, read the
settings from database and apply. But I want to do this centrally, like
in Application_AuthorizeRequest event of global.asax file.
2. I can create custom/user controls for each of the Access Areas and
implement security model onto that. But, we have developed the
application too far before the customer has made this request.

In this scenario, can somebody help me with how I should design the
security model?

Thanks
Snig.
 
Dominick Baier [DevelopMentor]

Hello Snig,

I would go for Application_AuthorizeRequest - this can be global.asax or
better a HttpModule which handles this event.

You have everything you need to know at this stage - requested page and username
as known to the application.
 
Snig

Thanks Baier.

Well, in Application_AuthorizeRequest event, I do have the requested
page, username etc. But how can I enable/disable the controls of that
page depending on the settings in this event?
Please note that the authorization should be applied on control/field
level instead of the whole page ...

Snig.
 
Dominick Baier [DevelopMentor]

Hello Snig,

Aah - I see.

In that case you will have to do it on the page - other things to think about:

factor the links out to an ASCX file, or use a new base class (derived from
page) to do the common stuff.
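
One way to realise the base-class suggestion, as an added example that is not code from anyone in this thread: pages derive from a hypothetical `SecuredPage`, register each button against an Access Area name, and the class hides controls the current user's roles do not grant and repeats the check in the handler. `AccessAreaStore`, `Guard`, `Demand` and the area names are assumptions, and the constructed in-memory table stands in for the SQL Server lookup.

```csharp
using System;
using System.Collections.Generic;
using System.Security;
using System.Security.Principal;
using System.Web.UI;
using System.Web.UI.WebControls;

// Hypothetical store: in the thread's design this would be loaded from SQL Server
// (and cached); here it is a constructed role -> Access Areas table.
public static class AccessAreaStore
{
    static readonly Dictionary<string, HashSet<string>> Grants =
        new Dictionary<string, HashSet<string>>(StringComparer.OrdinalIgnoreCase)
        {
            { "Clerk",   new HashSet<string> { "Customer.Search" } },
            { "Manager", new HashSet<string> { "Customer.Search", "Customer.Add", "Customer.Update" } }
        };

    public static bool IsAllowed(IPrincipal user, string area)
    {
        if (user == null || !user.Identity.IsAuthenticated) return false;
        foreach (var grant in Grants)
            if (user.IsInRole(grant.Key) && grant.Value.Contains(area)) return true;
        return false; // deny by default: unknown roles and unknown areas get nothing
    }
}

// Hypothetical base class; existing pages change only their base type.
public class SecuredPage : Page
{
    readonly Dictionary<WebControl, string> guarded = new Dictionary<WebControl, string>();

    // Register a control against an Access Area, e.g. from Page_Init.
    protected void Guard(WebControl control, string area) { guarded[control] = area; }

    // Server-side enforcement for event handlers, independent of how the
    // control was rendered. An unhandled SecurityException fails the request.
    protected void Demand(string area)
    {
        if (!AccessAreaStore.IsAllowed(User, area))
            throw new SecurityException("Access denied: " + area);
    }

    // Hide every guarded control whose area the current user is not granted.
    protected override void OnPreRender(EventArgs e)
    {
        foreach (var pair in guarded)
            pair.Key.Visible = AccessAreaStore.IsAllowed(User, pair.Value);
        base.OnPreRender(e);
    }
}
```

A page would call `Guard(btnAdd, "Customer.Add")` in `Page_Init` and `Demand("Customer.Add")` as the first line of `btnAdd_Click` (`btnAdd` being a hypothetical button).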
 
Snig

Yes, that seems to be a work-around ...

The problem is we didn't architect the application in this way, as
this security framework is a new requirement from the customer.

Thanks Baier, are there some other ways?

Snig.
 
