username or uid, or your own user tables?

J

JJ

Just wondering what approach you more experienced developers take here:

I am writing a basic cms system to add pages to a site. One function I want
to add is to limit access to a new page on either a role or user basis.

My basic question is:
When assigning permissions in to (for example) a page in a cms, would you
use the built in asp.net username, uid, or create your own user/role tables
and use the relevent unique ID to identify a particular user/role?

I notice cms systems like dotnetnuke etc seem to use their own user
management and not the built in asp.net user management system. I am not
sure whether this is to do with difficulties with using the 'built in' user
tables and obtaining a uid?

Also, if using the built in tables I assume you shouldn't create
relationships with them (and hence alter their structure)?
I'm a bit confused but hopefully you can see my point and what I'm trying to
say here :-\

JJ
 
S

sloan

Other than basic additions ( address , work phone number , etc)....
if you're doing a 2.0 project, you might want :
To implement a membership provider, you create a class that inherits the
MembershipProvider abstract class from the System.Web.Security namespace

See
http://msdn2.microsoft.com/en-us/library/f1kyba5e.aspx

http://www.devx.com/asp/Article/29256/0/page/3

http://www.15seconds.com/issue/050216.htm


That's membership. There's also a RoleProvider abstract class you can
implement.


Its not hard, but the devil is in the details.
 
J

JJ

I'm still a bit confused (sorry - new to this area).

My membership provider currently uses SQL server and saves all information
to the tables that are set up by running:
aspnet_regsql.exe.

I'm not sure that I need to actually store this information in the
'users'/'roles' membership tables - I would have thought that each page
(i.e. an entry in the pages table) will need a related permissions table
with the usernames/uid's or roles/roleid's of each user (or role) who can
access that page.

If that is the case, then my questions are:
(i) Am I 'allowed' to create a relation with the aspnet_users table in order
to get the uid (or should I just look it up when necessary)
(ii) How to you get the uid/roleid of a logged in user?
(iii) Is it ok to allow users to add/delete roles to the aspnet_roles table,
provided you hide the previously created admin/editor/etc priveledged roles?

Hope that makes sense,

JJ
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Authentication and Auditing: Incorrect Username in Audit tables 0
Problem with a login script, SESSION user rights and put this together so it works with the other pages and MySQL. Code examples. 2
joining tables or view 0
Digital Signature field form in PDF generated document from HTML 5
User or UserManager ? Problems of Observer Pattern 2
Layout: Divs or Tables? 6
Get "user" tables 4
XSD Error: "Expecting '.', identifier or quoted identifier withmultiple tables. 0

Members online

Total: 28 (members: 1, guests: 27)
Robots: 210

Forum statistics

Threads
473,766
Messages
2,569,569
Members
45,042
Latest member
icassiem

Latest Threads

Top