Fine-grained access control

D

dw

Hello. I've got my LDAP authentication working, and have authorization
working to a great extent as well: I'm limiting who can access the site by
using <allow users="smithj, harrisb, ...."> in the Web.config file.

Is it possible to use this file to also determine who can write to a
particular page and only read from another? The scenario I'm thinking of is
this:

User Page Permission
--------------------------------------------
smithj search.aspx Admin
smithj reports.aspx Read_Only
harrisb search.aspx None
harrisb reports.aspx Admin
........

Can this be accomplished using the User.IsInRole technique or will it
require custom role-management against a SQL database?
Is it possible to make it even more fine-grained, so that a person may have
permission to only view/edit a part of a page? Thanks.
 
M

Manohar Kamath

You can do it one of several ways:

1. Use <location> in your web.config to define who sees what.
2. Use <location> and group your pages into their own folders. This way you
will have less of <location> elements to declare.
3. You could do a IsInRole() on each page.

Options 1 and 2 are elegant... option 3 will work, but now you have to check
roles on each page.
 
D

dw

Thanks, Manohar. Great idea. Can you point me to some examples of how to do
this? I've been finding results on Google, but wondered if you know of a
good one. Thanks.
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Members online

Forum statistics

Threads
473,731
Messages
2,569,432
Members
44,832
Latest member
GlennSmall

Latest Threads

Top