M
Markus Stehle
Hi all!
Within my web applikation I would like to centrally manage page access
rights. Users of my web application belong to certain departments and have
certain roles. The departments and roles are stored in a database. The web
application uses windows authentication and IIS integrated security.
Now I would like to limit access to pages to certain departments and/or
roles. Whats the best way to store the department/roles information and at
which point should I check them? Where can I store the information which
page should be accessible by which roles and/or departments? Currently I'm
reading out the roles and departments during Session_Sart() and store them
in session state - but session state is not available in Begin_Request(), so
I can't use it to verify access rights there.
Any help would be appreciated.
Thanks
Markus
Within my web applikation I would like to centrally manage page access
rights. Users of my web application belong to certain departments and have
certain roles. The departments and roles are stored in a database. The web
application uses windows authentication and IIS integrated security.
Now I would like to limit access to pages to certain departments and/or
roles. Whats the best way to store the department/roles information and at
which point should I check them? Where can I store the information which
page should be accessible by which roles and/or departments? Currently I'm
reading out the roles and departments during Session_Sart() and store them
in session state - but session state is not available in Begin_Request(), so
I can't use it to verify access rights there.
Any help would be appreciated.
Thanks
Markus