What is the best approach?

Discussion in 'ASP .Net' started by =?Utf-8?B?QW5kcmV3?=, Dec 21, 2005.

  1. Hello, friends,

    I implemented Forms Authentication in my asp.net app, it worked fine.
    However, now I have another problem:

    Although a user can be authenticated, but he/she may still not be allowed to
    view certain pages and folders. For exampl, a junior member can not view
    pages for senior memebers, although he/she can log into the web site.

    <authorization> in web.config seems a good approach. However, it needs
    either to enumerate all users in <allow> or <deny>, or to add users to a
    predefined role, say "Junior" or "Senior". All these will be done manually.
    Unless there is an automatic way, this is NOT good to us since we need our
    new members to access proper pages right after they register. We do not check
    our database every minute to see if there are new registered members, and
    manually add them. Moreover, a new member may register in midnight or
    holidays: We can NOT tell him/her to wait until we have someone to add
    his/her name into <authorization> or into a role.

    What is the best approach to do this?

    Any reference papers, sample code? Thanks.
    =?Utf-8?B?QW5kcmV3?=, Dec 21, 2005
    #1
    1. Advertising

  2. =?Utf-8?B?QW5kcmV3?=

    Showjumper Guest

    Do you know about role based authorization that you integreate into forms
    auth? Also are you using 1.1 or 2.0?
    http://aspnet.4guysfromrolla.com/articles/082703-1.aspx
    That is for 1.1
    For 2.0
    http://aspnet.4guysfromrolla.com/articles/121405-1.aspx
    Start there - those links via quick google for role based authorization
    "Andrew" <> wrote in message
    news:D...
    > Hello, friends,
    >
    > I implemented Forms Authentication in my asp.net app, it worked fine.
    > However, now I have another problem:
    >
    > Although a user can be authenticated, but he/she may still not be allowed
    > to
    > view certain pages and folders. For exampl, a junior member can not view
    > pages for senior memebers, although he/she can log into the web site.
    >
    > <authorization> in web.config seems a good approach. However, it needs
    > either to enumerate all users in <allow> or <deny>, or to add users to a
    > predefined role, say "Junior" or "Senior". All these will be done
    > manually.
    > Unless there is an automatic way, this is NOT good to us since we need our
    > new members to access proper pages right after they register. We do not
    > check
    > our database every minute to see if there are new registered members, and
    > manually add them. Moreover, a new member may register in midnight or
    > holidays: We can NOT tell him/her to wait until we have someone to add
    > his/her name into <authorization> or into a role.
    >
    > What is the best approach to do this?
    >
    > Any reference papers, sample code? Thanks.
    >
    Showjumper, Dec 21, 2005
    #2
    1. Advertising

  3. =?Utf-8?B?QW5kcmV3?=

    Stan Guest

    You need to write some code to do that...

    Basically you need to store the menu/page/users in the database
    and have you menu generated based on this database.

    This menu code should not constantly hit the database, you need to cach it
    and invalidate cash if the database changes (you can do this easy in ASP.NET
    2.0)

    You cannot personalize your site with <authorization> element unless you put
    related pages in the separate folders and have a separate web.config with
    <autorization> in each folder.

    Good starting reference is "Designing Application-Managed Authorization"
    which you can lookup on MSDN site

    Good luck,

    -Stan


    "Andrew" <> wrote in message
    news:D...
    > Hello, friends,
    >
    > I implemented Forms Authentication in my asp.net app, it worked fine.
    > However, now I have another problem:
    >
    > Although a user can be authenticated, but he/she may still not be allowed
    > to
    > view certain pages and folders. For exampl, a junior member can not view
    > pages for senior memebers, although he/she can log into the web site.
    >
    > <authorization> in web.config seems a good approach. However, it needs
    > either to enumerate all users in <allow> or <deny>, or to add users to a
    > predefined role, say "Junior" or "Senior". All these will be done
    > manually.
    > Unless there is an automatic way, this is NOT good to us since we need our
    > new members to access proper pages right after they register. We do not
    > check
    > our database every minute to see if there are new registered members, and
    > manually add them. Moreover, a new member may register in midnight or
    > holidays: We can NOT tell him/her to wait until we have someone to add
    > his/her name into <authorization> or into a role.
    >
    > What is the best approach to do this?
    >
    > Any reference papers, sample code? Thanks.
    >
    Stan, Dec 22, 2005
    #3
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Greg Linwood
    Replies:
    4
    Views:
    531
    Greg Linwood
    Dec 3, 2003
  2. Paul
    Replies:
    3
    Views:
    409
    Scott Allen
    Apr 30, 2004
  3. milesm
    Replies:
    1
    Views:
    346
    Steve C. Orr [MVP, MCSD]
    May 6, 2004
  4. D. Shane Fowlkes
    Replies:
    0
    Views:
    569
    D. Shane Fowlkes
    May 11, 2004
  5. Larry Rekow
    Replies:
    1
    Views:
    499
    Hermit Dave
    Aug 31, 2004
Loading...

Share This Page