Dynamic page security authorization?

Discussion in 'ASP .Net Security' started by Craig Vedur, Aug 31, 2005.

  1. Craig Vedur

    Craig Vedur Guest

    Hey,

    My client wants to implement some sort of dynamic location role-based
    security rule for a web app. Normally, in my web.config, I define the
    location authorization rules such as:

    <location path="WebForm.aspx">
    <system.web>
    <authorization><allow roles="Employee" /></authorization>
    </system.web>
    </location>

    However, he wants to build an admin page that will keep track of pages and
    role access in a database.

    How can you implement this sort of 'dynmaic page authorization'? Obviously,
    I can't define the rules in the web.config anymore.

    Anybody have any ideas? Is it possible to add these rules at runtime?
    Thanks
     
    Craig Vedur, Aug 31, 2005
    #1
    1. Advertising

  2. Craig Vedur

    Pat Guest

    Craig you could have a folder called Admin and under the Admin folder add
    the neccesary (aspx)files you want to protect.
    And later apply the neccesary Authorization.
    Hope that helps
    Look at this article at:- http://dotnetbips.com/displayarticle.aspx?id=117
    Patrick


    "Craig Vedur" <> wrote in message
    news:...
    > Hey,
    >
    > My client wants to implement some sort of dynamic location role-based
    > security rule for a web app. Normally, in my web.config, I define the
    > location authorization rules such as:
    >
    > <location path="WebForm.aspx">
    > <system.web>
    > <authorization><allow roles="Employee" /></authorization>
    > </system.web>
    > </location>
    >
    > However, he wants to build an admin page that will keep track of pages and
    > role access in a database.
    >
    > How can you implement this sort of 'dynmaic page authorization'?

    Obviously,
    > I can't define the rules in the web.config anymore.
    >
    > Anybody have any ideas? Is it possible to add these rules at runtime?
    > Thanks
     
    Pat, Aug 31, 2005
    #2
    1. Advertising

  3. Hello Craig,

    the Authorize_Request event in the HttpPipeline is what you are looking for.
    Here you get information like the identity of the user, his role memberships
    and the requested resource. You can dynamically determine if the use is authorized
    and cancel the request/pass back 401 if you like.

    ---------------------------------------
    Dominick Baier - DevelopMentor
    http://www.leastprivilege.com

    > Hey,
    >
    > My client wants to implement some sort of dynamic location role-based
    > security rule for a web app. Normally, in my web.config, I define the
    > location authorization rules such as:
    >
    > <location path="WebForm.aspx">
    > <system.web>
    > <authorization><allow roles="Employee" /></authorization>
    > </system.web>
    > </location>
    > However, he wants to build an admin page that will keep track of pages
    > and role access in a database.
    >
    > How can you implement this sort of 'dynmaic page authorization'?
    > Obviously, I can't define the rules in the web.config anymore.
    >
    > Anybody have any ideas? Is it possible to add these rules at runtime?
    > Thanks
     
    Dominick Baier [DevelopMentor], Aug 31, 2005
    #3
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Gnic
    Replies:
    2
    Views:
    4,832
  2. Anand Pillai

    SSL security authorization?

    Anand Pillai, Oct 17, 2003, in forum: Python
    Replies:
    0
    Views:
    260
    Anand Pillai
    Oct 17, 2003
  3. John J. Lee

    Re: SSL security authorization?

    John J. Lee, Oct 19, 2003, in forum: Python
    Replies:
    8
    Views:
    863
    John J. Lee
    Oct 22, 2003
  4. Guest

    Dynamic Forms authorization

    Guest, Aug 17, 2004, in forum: ASP .Net Security
    Replies:
    0
    Views:
    114
    Guest
    Aug 17, 2004
  5. SeanRW
    Replies:
    1
    Views:
    380
    Dominick Baier [DevelopMentor]
    May 25, 2006
Loading...

Share This Page