Re: Role-Based hierarchical model advice

From: Erymuzuan Mustapa (emustapa@mac.com)
Date: 09/27/02


From: "Erymuzuan Mustapa" <emustapa@mac.com>
Date: Fri, 27 Sep 2002 11:03:00 +0800


A role that inherits from other roles is hard to achieve because the
inner working process of IPrincipal does not support such a thing in asp.net,
but a user could have as many roles as you think necessary. The principal
object binds to the context and takes an arraylist as the parameter for
roles. For database design, create three; the relationship between users
and roles should be many to many. Email me for a sample app on how to use
role based security in asp.net.

regards
erymuzuan mustapa

"NeverStill" <sklett_2000_NoSpizay@yahoo.com> wrote in message
news:OnaNELcZCHA.1688@tkmsftngp09...
Hello,

I've been assigned my first security task for a web application, here are
the main facts:
Small scale, asp.net web application
Forms Authentication
Validating credentials against SQL server
SSL - not that it matters, but just in case

From my initial research, it looks like what we want to go with is
Role-Based (RBAC) security and simply assign the different users to 1 or many
roles.

I'm having a hard time getting my head around the best way to set up
everything, I think what would help is advice on the best way to construct
the database in regards to the roles. Would I need to create a many-to-many
table for every item that I want to secure so that I can manage the roles?
That would be a lot of work.

Also, if I wanted to make a role type: "Power User" inherit the roles:
"User", "Guest", etc, how could I structure things so that?? I know these
kinds of questions are annoying, I'm not looking for someone to hold my hand
through this, I would just like some pointers or even links to articles that
might be informative. ANY help would be greatly appreciated, I'm pretty lost
on this ;)

TIA-

Steve
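
An added example, not part of the original thread or the poster's sample app: because the principal only receives a flat list of roles, inheritance such as "Power User" including "User" and "Guest" can be resolved in the database at login and the flattened list handed over. It uses Python with an in-memory SQLite database as a stand-in for SQL Server; the role_inherits table, all table and column names, and the sample rows are assumptions made for illustration.

```python
import sqlite3

SCHEMA = """
CREATE TABLE users (user_id INTEGER PRIMARY KEY, username TEXT UNIQUE NOT NULL);
CREATE TABLE roles (role_id INTEGER PRIMARY KEY, name TEXT UNIQUE NOT NULL);
-- many-to-many link: one row per (user, role) assignment
CREATE TABLE user_roles (
    user_id INTEGER NOT NULL REFERENCES users(user_id),
    role_id INTEGER NOT NULL REFERENCES roles(role_id),
    PRIMARY KEY (user_id, role_id));
-- hypothetical extra table: role_id inherits everything parent_id grants
CREATE TABLE role_inherits (
    role_id   INTEGER NOT NULL REFERENCES roles(role_id),
    parent_id INTEGER NOT NULL REFERENCES roles(role_id),
    PRIMARY KEY (role_id, parent_id));
"""

EFFECTIVE = """
WITH RECURSIVE eff(role_id) AS (
    SELECT ur.role_id FROM user_roles ur
      JOIN users u ON u.user_id = ur.user_id WHERE u.username = ?
    UNION  -- UNION (not UNION ALL) drops repeats, so a cyclic hierarchy terminates
    SELECT ri.parent_id FROM role_inherits ri JOIN eff ON eff.role_id = ri.role_id
)
SELECT r.name FROM roles r JOIN eff ON eff.role_id = r.role_id ORDER BY r.name
"""

def build_sample_db():
    """Constructed sample data: Power User -> User -> Guest; Admin stands alone."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    conn.executemany("INSERT INTO roles VALUES (?, ?)",
                     [(1, "Guest"), (2, "User"), (3, "Power User"), (4, "Admin")])
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [(1, "steve"), (2, "visitor"), (3, "nobody")])
    conn.executemany("INSERT INTO user_roles VALUES (?, ?)", [(1, 3), (2, 1)])
    conn.executemany("INSERT INTO role_inherits VALUES (?, ?)", [(3, 2), (2, 1)])
    return conn

def effective_roles(conn, username):
    """Return the flattened role names for a user; an unknown user gets none."""
    return [row[0] for row in conn.execute(EFFECTIVE, (username,))]
```

Only roles need the many-to-many link to users; secured items are checked against the flattened role list rather than each getting its own link table. A cycle in role_inherits makes every role in the cycle equivalent, so inserts into that table deserve the same review as a direct role grant.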

