Require multiple role membership?

Discussion in 'ASP .Net Security' started by Arthur Dent, Dec 10, 2004.

  1. Arthur Dent

    Arthur Dent Guest

    Is there any way in the web.config "allow roles" authorization section, to
    AND the roles together?
    Eg. in my app, i have roles Customer, Employee, and Admininstrator. Now,
    there could be Admin employees, and Admin Customers, each with access to
    different sections.
    Is there a way to specifiy that you can only get into the folder "AppAdmin"
    if you are in role Employee AND role Administrator?
    As ive seen it before, the roles by default only OR together.

    Thanks in advance,
    - Arthur Dent
    Arthur Dent, Dec 10, 2004
    #1
    1. Advertising

  2. I don't think you can do this via web.config. You could do this
    programmatically with IsInRole calls, but that is extra work.

    Another way around this might be to create "AND" roles when you do your role
    mapping, so that you have a special role like EmployeeANDAdminstrator that
    you could then use in web.config.

    HTH,

    Joe K.

    "Arthur Dent" <> wrote in message
    news:%...
    > Is there any way in the web.config "allow roles" authorization section, to
    > AND the roles together?
    > Eg. in my app, i have roles Customer, Employee, and Admininstrator. Now,
    > there could be Admin employees, and Admin Customers, each with access to
    > different sections.
    > Is there a way to specifiy that you can only get into the folder
    > "AppAdmin" if you are in role Employee AND role Administrator?
    > As ive seen it before, the roles by default only OR together.
    >
    > Thanks in advance,
    > - Arthur Dent
    >
    Joe Kaplan \(MVP - ADSI\), Dec 10, 2004
    #2
    1. Advertising

  3. Arthur Dent

    Arthur Dent Guest

    Yeah, thats what im doing at the moment... i have my roles defined in an
    enum, and as additional members of the enum i have my combined roles, then i
    check those names (i use System.Enum.GetName() to define my role names). Eg.
    Enum UserRoles
    Employee = 2
    Administrator = 4
    AdminEmployee = Employee Or Administrator
    End Enum

    Then in my allow role i add AdminEmployee.

    I just thought maybe there was a way to do this without creating combinatory
    values like that.
    Thanks!


    "Joe Kaplan (MVP - ADSI)" <> wrote
    in message news:O9eOf%...
    >I don't think you can do this via web.config. You could do this
    >programmatically with IsInRole calls, but that is extra work.
    >
    > Another way around this might be to create "AND" roles when you do your
    > role mapping, so that you have a special role like EmployeeANDAdminstrator
    > that you could then use in web.config.
    >
    > HTH,
    >
    > Joe K.
    >
    > "Arthur Dent" <> wrote in message
    > news:%...
    >> Is there any way in the web.config "allow roles" authorization section,
    >> to AND the roles together?
    >> Eg. in my app, i have roles Customer, Employee, and Admininstrator. Now,
    >> there could be Admin employees, and Admin Customers, each with access to
    >> different sections.
    >> Is there a way to specifiy that you can only get into the folder
    >> "AppAdmin" if you are in role Employee AND role Administrator?
    >> As ive seen it before, the roles by default only OR together.
    >>
    >> Thanks in advance,
    >> - Arthur Dent
    >>

    >
    >
    Arthur Dent, Dec 10, 2004
    #3
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Jesper Stocholm
    Replies:
    2
    Views:
    8,051
    John Saunders
    Aug 23, 2003
  2. Liet Kynes
    Replies:
    0
    Views:
    464
    Liet Kynes
    Nov 26, 2003
  3. clintonG
    Replies:
    4
    Views:
    281
    clintonG
    Jul 15, 2004
  4. Replies:
    0
    Views:
    133
  5. Kursat
    Replies:
    1
    Views:
    294
    Dominick Baier
    May 7, 2007
Loading...

Share This Page