Need advice on handling security

Discussion in 'ASP .Net' started by Bill Gower, Aug 4, 2007.

  1. Bill Gower

    Bill Gower Guest

    I am validating the users of my web app against a user database in SQL
    Server. I then store the user object in a session variable and pass it
    around to the various forms. I have a field in the user object called Role
    that either holds the value "BusinessAgent" or "Administrator". The role
    type determines what forms the user can access and certain privileges in
    forms. I have menus on a master page but I don't want to hide menu items
    depending on the role type. I would like to in the page load of each form,
    look at the role type and determine whether they have permission to the form
    otherwise alert them to the fact that the form is for administrators only.
    What is the best way to do this?

    Bill
     
    Bill Gower, Aug 4, 2007
    #1

  2. On Aug 4, 7:46 am, "Bill Gower" <> wrote:
    > I am validating the users of my web app against a user database in SQL
    > Server. I then store the user object in a session variable and pass it
    > around to the various forms. I have a field in the user object called Role
    > that either holds the value "BusinessAgent" or "Administrator". The role
    > type determines what forms the user can access and certain privileges in
    > forms. I have menus on a master page but I don't want to hide menu items
    > depending on the role type. I would like to in the page load of each form,
    > look at the role type and determine whether they have permission to the form
    > otherwise alert them to the fact that the form is for administrators only.
    > What is the best way to do this?
    >


    Hi Bill

    you can check it in the code-behind

    If Not User.IsInRole("Administrator") Then
        Response.Write("Only administrators can see this form")
    End If

    you can set permissions in web.config

    <location path="admin.aspx">
      <system.web>
        <authorization>
          <allow roles="Administrator" />
          <deny users="*" />
        </authorization>
      </system.web>
    </location>

    Hope this helps
     
    Alexey Smirnov, Aug 4, 2007
    #2

  3. On Aug 4, 10:14 am, Alexey Smirnov <> wrote:
    > On Aug 4, 7:46 am, "Bill Gower" <> wrote:
    >
    > > I am validating the users of my web app against a user database in SQL
    > > Server. I then store the user object in a session variable and pass it
    > > around to the various forms. I have a field in the user object called Role
    > > that either holds the value "BusinessAgent" or "Administrator". The role
    > > type determines what forms the user can access and certain privileges in
    > > forms. I have menus on a master page but I don't want to hide menu items
    > > depending on the role type. I would like to in the page load of each form,
    > > look at the role type and determine whether they have permission to the form
    > > otherwise alert them to the fact that the form is for administrators only.
    > > What is the best way to do this?

    >
    > Hi Bill
    >
    > you can check it in the code-behind
    >
    > If Not User.IsInRole("Administrator") Then
    > Response.Write("Only administrators can see this form")
    > End If
    >
    > you can set permissions in web.config
    >
    > <location path="admin.aspx">
    > <system.web>
    > <authorization>
    > <allow roles="Administrator" />
    > <deny users="*" />
    > </authorization>
    > </system.web>
    > </location>
    >
    > Hope this helps


    P.S. I assume that you created a FormsAuthenticationTicket with roles
    and assigned it to the user.
     
    Alexey Smirnov, Aug 4, 2007
    #3
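
Added example (not part of the original thread and not either poster's code): one way to carry the Role value from the user database in the forms-authentication ticket, as the P.S. assumes, so that `User.IsInRole` and the `<allow roles>` rule can see it. The module name `RoleTicket`, its method names, the 30-minute lifetime and the comma-separated `userData` format are assumptions.

```vbnet
Imports System
Imports System.Security.Principal
Imports System.Web
Imports System.Web.Security

' Hypothetical helper module; names are illustrative, not from the thread.
Public Module RoleTicket

    ' Call once, after the user has been validated against the user database.
    ' role is the value from the user record, e.g. "Administrator".
    Public Sub IssueTicket(ByVal response As HttpResponse, ByVal userName As String, ByVal role As String)
        Dim ticket As New FormsAuthenticationTicket( _
            1, userName, DateTime.Now, DateTime.Now.AddMinutes(30), _
            False, role)    ' userData carries the role(s); lifetime is an assumption
        ' With the default forms protection ("All") the ticket is encrypted
        ' and validated, so the client cannot edit the role in the cookie.
        Dim cookie As New HttpCookie(FormsAuthentication.FormsCookieName, _
                                     FormsAuthentication.Encrypt(ticket))
        cookie.HttpOnly = True
        response.Cookies.Add(cookie)
    End Sub

    ' Call from Application_AuthenticateRequest in Global.asax. Rebuilds the
    ' principal on every request so role checks read the ticket, not Session.
    Public Sub AttachRoles(ByVal context As HttpContext)
        If context.User Is Nothing Then Return
        Dim id As FormsIdentity = TryCast(context.User.Identity, FormsIdentity)
        If id Is Nothing Then Return
        Dim roles() As String = id.Ticket.UserData.Split(","c)
        context.User = New GenericPrincipal(id, roles)
    End Sub

    ' Call first in Page_Load of a restricted form. Unlike a bare
    ' Response.Write, this ends the response so the form is never rendered.
    Public Sub RequireRole(ByVal context As HttpContext, ByVal role As String)
        If context.User IsNot Nothing AndAlso context.User.IsInRole(role) Then Return
        context.Response.Write("Only administrators can see this form")
        context.Response.End()
    End Sub
End Module
```

With the roles attached to `Context.User`, the `<location>` rule in web.config is evaluated by ASP.NET before the page runs, so the code-behind check acts as a second layer rather than the only one.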