What is the best approach?



Hello, friends,

I implemented Forms Authentication in my ASP.NET app, and it worked fine.
However, now I have another problem:

Although a user can be authenticated, he/she may still not be allowed to
view certain pages and folders. For example, a junior member cannot view
pages for senior members, although he/she can log into the web site.

<authorization> in web.config seems a good approach. However, it needs
either to enumerate all users in <allow> or <deny>, or to add users to a
predefined role, say "Junior" or "Senior". All of this would be done manually.
Unless there is an automatic way, this is NOT good for us since we need our
new members to access the proper pages right after they register. We do not check
our database every minute to see if there are newly registered members and
manually add them. Moreover, a new member may register at midnight or on
holidays: we can NOT tell him/her to wait until we have someone to add
his/her name into <authorization> or into a role.

What is the best approach to do this?

Any reference papers, sample code? Thanks.






You need to write some code to do that...

Basically you need to store the menu/page/users in the database
and have your menu generated based on this database.

This menu code should not constantly hit the database; you need to cache it
and invalidate the cache if the database changes (you can do this easily in ASP.NET

You cannot personalize your site with the <authorization> element unless you put
related pages in separate folders and have a separate web.config with
<authorization> in each folder.

A good starting reference is "Designing Application-Managed Authorization",
which you can look up on the MSDN site.

Good luck,
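
One way to make the role assignment automatic, as an added example that is not part of the original thread: attach roles read from the membership database to the authenticated user on every request, with a short-lived cache, so a per-folder <authorization> rule on a role applies as soon as a member registers. The Members table, its UserName and Level columns (holding "Junior" or "Senior") and the MembersDb connection string are assumptions.

```csharp
// Global.asax.cs - added example; table, column and connection-string names are assumptions.
// With roles attached per request, the senior folder's web.config needs only:
//   <authorization><allow roles="Senior" /><deny users="*" /></authorization>
using System;
using System.Configuration;
using System.Data.SqlClient;
using System.Security.Principal;
using System.Web;
using System.Web.Caching;

public class Global : HttpApplication
{
    // Runs after FormsAuthentication has validated the ticket and set Context.User.
    protected void Application_AuthenticateRequest(object sender, EventArgs e)
    {
        IPrincipal user = Context.User;
        if (user == null || !user.Identity.IsAuthenticated) return;
        // Replace the principal with one that carries the member's roles.
        Context.User = new GenericPrincipal(user.Identity, GetRoles(user.Identity.Name));
    }

    static string[] GetRoles(string userName)
    {
        string key = "roles:" + userName.ToLowerInvariant();
        string[] roles = HttpRuntime.Cache[key] as string[];
        if (roles == null)
        {
            roles = LoadRoles(userName);
            // Short absolute expiry: a promotion or demotion takes effect within 5 minutes.
            HttpRuntime.Cache.Insert(key, roles, null,
                DateTime.UtcNow.AddMinutes(5), Cache.NoSlidingExpiration);
        }
        return roles;
    }

    static string[] LoadRoles(string userName)
    {
        string cs = ConfigurationManager.ConnectionStrings["MembersDb"].ConnectionString;
        using (SqlConnection conn = new SqlConnection(cs))
        using (SqlCommand cmd = new SqlCommand(
            "SELECT Level FROM Members WHERE UserName = @u", conn))
        {
            cmd.Parameters.AddWithValue("@u", userName); // parameterized, never concatenated
            conn.Open();
            string level = cmd.ExecuteScalar() as string;
            // Unknown member or NULL level: no roles, so <deny users="*"> refuses access.
            return level == null ? new string[0] : new string[] { level };
        }
    }
}
```

Calling HttpRuntime.Cache.Remove with the same key from the code that changes a member's level makes the change take effect on the next request instead of after the expiry.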

