securing pages and forms from users

Discussion in 'ASP .Net' started by abdulrauf, Jul 31, 2003.

  1. abdulrauf

    abdulrauf Guest

    Hope someone can help.

    I am trying to build an application that will allow a
    user to access/deny an application, the application's
    individual pages, and the forms within the individual
    pages.

    For example once a user log's in the application will
    check whether the user can access the application's main
    page. If so it lets him/her see the page.

    Now once the user clicks on any link on the main page the
    application will check whether the user has read only, or
    read write access to the page he wanted to see. (Read
    write meaning they can write into the form fields in that
    page, and read only meaning they can only view the form)

    The next level of security I want to implement is whether
    the user has read only, or read write permission on The
    individual fields (textboxes) in that form. So a user
    might have access to the application main page, the
    individual page, the form but not to two textboxes on the
    form. For example in one form I may contain the person's
    name and his salary. I want to allow him to update his
    name but not his salary.

    If anyone can give advice on how to implement this it
    would be much appreciated.

    Thank you,
    Abdulrauf
     
    abdulrauf, Jul 31, 2003
    #1
    1. Advertising

  2. abdulrauf

    Eric Wise Guest

    http://www.microsoft.com/italy/net/business/netarchitect/SecNet.pdf

    There is a good example of how to set up an encrypted cookie that sets
    application roles at log in (Forms Authentication). I have implemented this
    solution myself, a user logs into my site, based on their login tag it goes
    to a specific sql server database (connect string in config file), and based
    on the read write permissions it finds there it assigns roles.

    "abdulrauf" <> wrote in message
    news:0b0c01c35768$6d7d0130$...
    > Hope someone can help.
    >
    > I am trying to build an application that will allow a
    > user to access/deny an application, the application's
    > individual pages, and the forms within the individual
    > pages.
    >
    > For example once a user log's in the application will
    > check whether the user can access the application's main
    > page. If so it lets him/her see the page.
    >
    > Now once the user clicks on any link on the main page the
    > application will check whether the user has read only, or
    > read write access to the page he wanted to see. (Read
    > write meaning they can write into the form fields in that
    > page, and read only meaning they can only view the form)
    >
    > The next level of security I want to implement is whether
    > the user has read only, or read write permission on The
    > individual fields (textboxes) in that form. So a user
    > might have access to the application main page, the
    > individual page, the form but not to two textboxes on the
    > form. For example in one form I may contain the person's
    > name and his salary. I want to allow him to update his
    > name but not his salary.
    >
    > If anyone can give advice on how to implement this it
    > would be much appreciated.
    >
    > Thank you,
    > Abdulrauf
     
    Eric Wise, Jul 31, 2003
    #2
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Jurjen de Groot
    Replies:
    0
    Views:
    434
    Jurjen de Groot
    Jan 30, 2004
  2. Tod Birdsall
    Replies:
    2
    Views:
    472
    Juan T. Llibre
    Jan 28, 2005
  3. Replies:
    2
    Views:
    588
    Scott Allen
    Oct 6, 2005
  4. tafs7
    Replies:
    0
    Views:
    125
    tafs7
    Apr 30, 2004
  5. Frank
    Replies:
    1
    Views:
    145
    Dominick Baier
    Apr 17, 2008
Loading...

Share This Page