S
steven scaife
I am creating a site for the intranet at the company i work for, but there
are 3 levels of security and a login form.
All users have to authenticate with the system. Logins are stored in a DB,
but i use windows authentication to find the account, this is working fine,
and i have set the forms login XML bit in the web.config.
However the 3 levels of security are as follows.
Standard
The user gets to fill out requests, search and view current requests.
Managers
They get to verify requests that are then sent to the directors plus the
standard pages
Directors
They get to authorise requests. plus they get the standard pages.
I am just wondering what the best way of setting security is, placing pages
into appropriate directories and using a web.config file to set the security,
or adding location paths tags to the web.config file, or writing my own
mechanism for verifying access.
What do you think is the best way, also i have my ASP.net exam coming up and
no doubt a question similar to this will pop-up, so it would be good to know.
regards
are 3 levels of security and a login form.
All users have to authenticate with the system. Logins are stored in a DB,
but i use windows authentication to find the account, this is working fine,
and i have set the forms login XML bit in the web.config.
However the 3 levels of security are as follows.
Standard
The user gets to fill out requests, search and view current requests.
Managers
They get to verify requests that are then sent to the directors plus the
standard pages
Directors
They get to authorise requests. plus they get the standard pages.
I am just wondering what the best way of setting security is, placing pages
into appropriate directories and using a web.config file to set the security,
or adding location paths tags to the web.config file, or writing my own
mechanism for verifying access.
What do you think is the best way, also i have my ASP.net exam coming up and
no doubt a question similar to this will pop-up, so it would be good to know.
regards