securing pages and forms from users

[abdulrauf]

Hope someone can help.

I am trying to build an application that will allow a
user to access/deny an application, the application's
individual pages, and the forms within the individual
pages.

For example once a user log's in the application will
check whether the user can access the application's main
page. If so it lets him/her see the page.

Now once the user clicks on any link on the main page the
application will check whether the user has read only, or
read write access to the page he wanted to see. (Read
write meaning they can write into the form fields in that
page, and read only meaning they can only view the form)

The next level of security I want to implement is whether
the user has read only, or read write permission on The
individual fields (textboxes) in that form. So a user
might have access to the application main page, the
individual page, the form but not to two textboxes on the
form. For example in one form I may contain the person's
name and his salary. I want to allow him to update his
name but not his salary.

If anyone can give advice on how to implement this it
would be much appreciated.

Thank you,
Abdulrauf

 

[Eric Wise]

http://www.microsoft.com/italy/net/business/netarchitect/SecNet.pdf

There is a good example of how to set up an encrypted cookie that sets
application roles at log in (Forms Authentication). I have implemented this
solution myself, a user logs into my site, based on their login tag it goes
to a specific sql server database (connect string in config file), and based
on the read write permissions it finds there it assigns roles.