Should I use .net's membership, role systems for authentication andauthorization?

G

gnewsgroup

I am working on a membership web application,

The logic is like this:

1. All logged-in users can visit Folder1, Folder2, Folder3, but
only administrators can access the Admin folder. Desirably, the link
to Admin pages won't even be visible to regular logged-in users.
2. For pages in Folder1, Folder2, Folder3, some pre-defined actions
(such as edit/delete) can only be done by an administrator.

I was trying to achieve logic 1 without considering 2 by creating a
web.config file underneath Admin folder, and in this web.config, I say

<system.web>
<authorization>
<allow users="admin" />
<deny users="johndoe" />
<deny users="smithdoe" />
</authorization>
</system.web>

The problem is when Johndoe tries to access the admin page, he is
kicked out right to the Login page of the application. How do I kick
him back to where he came from? Also, it's gonna be a problem if I
have to explicitly specify the allowed and denied users.

I think it is more troublesome to implement Logic 2.

I have never done anything using the asp.net membership, role, profile
framework. Will it greatly ease the implementation of the business
logic? I would like to know from the experienced before I delve into
the membership, role, profile systems. We have our own user table in
our database, which does not match the table structure of the
SqlMembership provider's user table.

Thank you very much.
 
P

Peter Bromberg [C# MVP]

For item 2, if you are going to "let them in" then you might consider using
something like
if( Page.User.IsInRole("Administrator") )
{
// your logic to enable / disable controls here
}

Yes, ASP.NET membership, roles and profiles can definitely speed up and
improve your application development. There's always a learning curve to get
to first base, but it's worth it.
--Peter
Site: http://www.eggheadcafe.com
UnBlog: http://petesbloggerama.blogspot.com
MetaFinder: http://www.blogmetafinder.com
 
G

gnewsgroup

For item 2, if you are going to "let them in" then you might consider using
something like
if( Page.User.IsInRole("Administrator") )
{
// your logic to enable / disable controls here

}

Yes, ASP.NET membership, roles and profiles can definitely speed up and
improve your application development. There's always a learning curve to get
to first base, but it's worth it.
--Peter
Site:http://www.eggheadcafe.com
UnBlog:http://petesbloggerama.blogspot.com
MetaFinder:http://www.blogmetafinder.com

Thank you very much. Then I guess the .net membership and role is the
way to go. Gotta look into it.
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Members online

No members online now.

Forum statistics

Threads
473,743
Messages
2,569,478
Members
44,899
Latest member
RodneyMcAu

Latest Threads

Top