Role Based Solution - Help

Discussion in 'ASP .Net Security' started by dave, Nov 3, 2003.

  1. dave

    dave Guest

    Hi

    I am trying to decide on the best way to implement a role based security
    solution for a dotNET website.

    I am keen to use the Identities, roles and principals provided with dotnet
    framework, but i am unsure how to implement the following scenario and
    wondered if someone could shed some light on the best way to do so in a VB
    manner.

    Situation:

    A logged on user can have different roles for the many different companies
    he is asisgned to administer, eg:
    Company A - he can add, amend staff
    Company B - he can only amend staff
    Company C - he can only view staff details

    (only showing three companies here, but there could be any number of
    companies he, or others, are assigned to - and many areas of functionality)

    My initial thought was that once he had logged in i would pick up from a
    permissions table the companies he has been assigned to and his respective
    permission(s) for each company into a multi-dimensional array.

    On each page that required it - I would have to loop the permissions to see
    if they can carry out that particular task for a particular company and
    enable/disable the controls thereafter.

    As i say i like the idea of using the frameworks identities, roles, etc but
    aware that i could realistically on store one set of permissions for one
    company within this without implementing my own subclass.

    Can anyone suggest which way would be the best to implement and any links to
    example VB code? Eg, if i was to go for the multi-array where is the best
    place initialise it and store it for global access for that persons session.

    I am pretty new to the dotnet arena and want to make sure i use the most
    scalable solution using what is now available in dotnet - trouble is i need
    to get onto this quickly and cant seem to read all the dotnet books i have
    quickly enough..... So hoping someone can help me jump start this!

    Many thanks in advance!
     
    dave, Nov 3, 2003
    #1
    1. Advertising

  2. Re : Role Based Solution - Help

    The Best bet would be to use Forms Authentication along
    with Roles stored in DB. Check out the folllowing link

    http://www.4guysfromrolla.com/webtech/121901-1.shtml

    - Gopi


    >-----Original Message-----
    >Hi
    >
    >I am trying to decide on the best way to implement a

    role based security
    >solution for a dotNET website.
    >
    >I am keen to use the Identities, roles and principals

    provided with dotnet
    >framework, but i am unsure how to implement the

    following scenario and
    >wondered if someone could shed some light on the best

    way to do so in a VB
    >manner.
    >
    >Situation:
    >
    >A logged on user can have different roles for the many

    different companies
    >he is asisgned to administer, eg:
    > Company A - he can add, amend staff
    > Company B - he can only amend staff
    > Company C - he can only view staff details
    >
    >(only showing three companies here, but there could be

    any number of
    >companies he, or others, are assigned to - and many

    areas of functionality)
    >
    >My initial thought was that once he had logged in i

    would pick up from a
    >permissions table the companies he has been assigned to

    and his respective
    >permission(s) for each company into a multi-dimensional

    array.
    >
    >On each page that required it - I would have to loop the

    permissions to see
    >if they can carry out that particular task for a

    particular company and
    >enable/disable the controls thereafter.
    >
    >As i say i like the idea of using the frameworks

    identities, roles, etc but
    >aware that i could realistically on store one set of

    permissions for one
    >company within this without implementing my own subclass.
    >
    >Can anyone suggest which way would be the best to

    implement and any links to
    >example VB code? Eg, if i was to go for the multi-array

    where is the best
    >place initialise it and store it for global access for

    that persons session.
    >
    >I am pretty new to the dotnet arena and want to make

    sure i use the most
    >scalable solution using what is now available in dotnet -

    trouble is i need
    >to get onto this quickly and cant seem to read all the

    dotnet books i have
    >quickly enough..... So hoping someone can help me jump

    start this!
    >
    >Many thanks in advance!
    >
    >
    >
    >.
    >
     
    S Gopikrishna, Nov 7, 2003
    #2
    1. Advertising

  3. dave

    dave Guest

    Thanks for that - i have actually read that and understand the idea behind
    it, but how could i extend that so that i could store (for example) three
    (or more) sets of roles for different companies a person has been assigned
    to.

    Eg, if he clicks on Company A in list then it will find the permissions
    allowed for that company, ie can only amend the details, but then if he
    clicks on Company B he can amend, add and delete.

    Is it possible to store a multi-dimensional array in a CurrentPrinicipals
    roles, as i dont want to have to do a DB lookup every time.

    If it is possible to store a multi-dim array, then how would i loop through
    it using
    "IsInRole()" method - eg finding out if he can amend details for comany ID
    1.

    Thanks in advance!






    "S Gopikrishna" <> wrote in message
    news:058301c3a4e2$c4e741c0$...
    > The Best bet would be to use Forms Authentication along
    > with Roles stored in DB. Check out the folllowing link
    >
    > http://www.4guysfromrolla.com/webtech/121901-1.shtml
    >
    > - Gopi
    >
    >
    > >-----Original Message-----
    > >Hi
    > >
    > >I am trying to decide on the best way to implement a

    > role based security
    > >solution for a dotNET website.
    > >
    > >I am keen to use the Identities, roles and principals

    > provided with dotnet
    > >framework, but i am unsure how to implement the

    > following scenario and
    > >wondered if someone could shed some light on the best

    > way to do so in a VB
    > >manner.
    > >
    > >Situation:
    > >
    > >A logged on user can have different roles for the many

    > different companies
    > >he is asisgned to administer, eg:
    > > Company A - he can add, amend staff
    > > Company B - he can only amend staff
    > > Company C - he can only view staff details
    > >
    > >(only showing three companies here, but there could be

    > any number of
    > >companies he, or others, are assigned to - and many

    > areas of functionality)
    > >
    > >My initial thought was that once he had logged in i

    > would pick up from a
    > >permissions table the companies he has been assigned to

    > and his respective
    > >permission(s) for each company into a multi-dimensional

    > array.
    > >
    > >On each page that required it - I would have to loop the

    > permissions to see
    > >if they can carry out that particular task for a

    > particular company and
    > >enable/disable the controls thereafter.
    > >
    > >As i say i like the idea of using the frameworks

    > identities, roles, etc but
    > >aware that i could realistically on store one set of

    > permissions for one
    > >company within this without implementing my own subclass.
    > >
    > >Can anyone suggest which way would be the best to

    > implement and any links to
    > >example VB code? Eg, if i was to go for the multi-array

    > where is the best
    > >place initialise it and store it for global access for

    > that persons session.
    > >
    > >I am pretty new to the dotnet arena and want to make

    > sure i use the most
    > >scalable solution using what is now available in dotnet -

    > trouble is i need
    > >to get onto this quickly and cant seem to read all the

    > dotnet books i have
    > >quickly enough..... So hoping someone can help me jump

    > start this!
    > >
    > >Many thanks in advance!
    > >
    > >
    > >
    > >.
    > >
     
    dave, Nov 7, 2003
    #3
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Jesper Stocholm
    Replies:
    2
    Views:
    8,179
    John Saunders
    Aug 23, 2003
  2. Liet Kynes
    Replies:
    0
    Views:
    518
    Liet Kynes
    Nov 26, 2003
  3. Sri Reddy
    Replies:
    3
    Views:
    372
    Jules
    Jun 21, 2006
  4. John L. Green

    Help please with Role based security not working.

    John L. Green, Oct 20, 2003, in forum: ASP .Net Security
    Replies:
    1
    Views:
    148
    Teemu Keiski
    Oct 21, 2003
  5. Kursat
    Replies:
    1
    Views:
    332
    Dominick Baier
    May 7, 2007
Loading...

Share This Page