S
Smithers
Will Forms Authentication work for me, or do I have to "roll my own"
security model on this one.
What I have is an aspx page that will display information based on a
querystring value. Some of the information can be viewed by everyone, but
other information may be viewed by only specified users or groups. The
deciding factor is the querystring value. The request comes in, and the
logic that pulls the data from the underlying database has to know whether
to proceed showing the data or not - depending on who the user is and what
the querystring value is. It appears that Forms authentication works based
on the aspx page name, itself, and is unaware of the querystring value.
The P-code is something like this:
Page_Load()
1. page is requested - querystring value is retrieved.
2. look in database to determine which data is being requested AND if it
requires an authenticated user in order to view it - and if so, who can view
it ('who' can be a user or a group).
3. If authentication is not required - then just show the data on the
requested aspx; else see if the user is authenticated; if authenticated,
then see who it is and show data if user is permitted; else redirect user to
login page.
Note that this is all happening with the same ole aspx page - so it can be
viewed or not based on what data is being requested (per queryString
value) - not what the name of the aspx page, itself, is.
Thanks!
security model on this one.
What I have is an aspx page that will display information based on a
querystring value. Some of the information can be viewed by everyone, but
other information may be viewed by only specified users or groups. The
deciding factor is the querystring value. The request comes in, and the
logic that pulls the data from the underlying database has to know whether
to proceed showing the data or not - depending on who the user is and what
the querystring value is. It appears that Forms authentication works based
on the aspx page name, itself, and is unaware of the querystring value.
The P-code is something like this:
Page_Load()
1. page is requested - querystring value is retrieved.
2. look in database to determine which data is being requested AND if it
requires an authenticated user in order to view it - and if so, who can view
it ('who' can be a user or a group).
3. If authentication is not required - then just show the data on the
requested aspx; else see if the user is authenticated; if authenticated,
then see who it is and show data if user is permitted; else redirect user to
login page.
Note that this is all happening with the same ole aspx page - so it can be
viewed or not based on what data is being requested (per queryString
value) - not what the name of the aspx page, itself, is.
Thanks!