G
Guest
Hi all
I'm creating web application with windows integrated security.
Every window user is member of one of the groups of managers or operators.
( The membership is stored in a database table )
User | Group
--------------------
Joe | Managers
Jim | Operators
Kevin | Operators ....
----------------------
I'm implementing dynamic authorization by using another table in the
database which describes which group has access to which WebForm.The rows in
this table are subject to change.
FormName | Group
--------------------------
Form 1 | Managers
Form 2 | Operators
... ....
Form n | Operators
--------------------------
In the Page_Load event on every form, the app. checks the membership of a
user in a group,
and the group's access to a web form. According these values, the app grants
the user right to
a current page, or performs redirection to the first page.
Is this approach O.K or there is a better solution?
Is the PageLoad event appropriate for these actions, or it is better to use
some event from global.asax (ex Application_AuthorizeRequest ) ?
If the Application_AuthorizeRequest event is more appropriate than PageLoad,
than I'm facing another problem:
Imagine a Web form (Form1) with submit button which calls another webform
with Response.Redirect("Form2")
I know that during submit process Application_AuthorizeRequest event is
called 2 times (one for the Form1 and one for Form2) .
The problem is that I want my checking procedure to be called only one time
(for Form2).
How can I achieve this?
Thanks in advance
Trebor
I'm creating web application with windows integrated security.
Every window user is member of one of the groups of managers or operators.
( The membership is stored in a database table )
User | Group
--------------------
Joe | Managers
Jim | Operators
Kevin | Operators ....
----------------------
I'm implementing dynamic authorization by using another table in the
database which describes which group has access to which WebForm.The rows in
this table are subject to change.
FormName | Group
--------------------------
Form 1 | Managers
Form 2 | Operators
... ....
Form n | Operators
--------------------------
In the Page_Load event on every form, the app. checks the membership of a
user in a group,
and the group's access to a web form. According these values, the app grants
the user right to
a current page, or performs redirection to the first page.
Is this approach O.K or there is a better solution?
Is the PageLoad event appropriate for these actions, or it is better to use
some event from global.asax (ex Application_AuthorizeRequest ) ?
If the Application_AuthorizeRequest event is more appropriate than PageLoad,
than I'm facing another problem:
Imagine a Web form (Form1) with submit button which calls another webform
with Response.Redirect("Form2")
I know that during submit process Application_AuthorizeRequest event is
called 2 times (one for the Form1 and one for Form2) .
The problem is that I want my checking procedure to be called only one time
(for Form2).
How can I achieve this?
Thanks in advance
Trebor