Re: Use Roles with Forms auth ans SQL?
From: Ramiro Calderon Romero (rcrdev@epm.net.co)
Date: 02/20/03
- Next message: AnandVishy: "CAS policy in ASP.NET"
- Previous message: Guogang: "Use Roles with Forms auth ans SQL?"
- In reply to: |{evin: "Use Roles with Forms auth ans SQL?"
- Next in thread: |{evin: "Re: Use Roles with Forms auth ans SQL?"
- Reply: |{evin: "Re: Use Roles with Forms auth ans SQL?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: "Ramiro Calderon Romero" <rcrdev@epm.net.co> Date: Thu, 20 Feb 2003 01:26:34 -0500
Hi Kevin
I had a similar requirement a few months ago.
1. put the appropiate <deny roles=".."> and/or <allow roles=".."> tags in
web.config
2. You must develop a custom principal class [1] which implements the
System.Security.Principal.IPrincipal interface [2], that performs the
database queries
2. attach a custom security principal to the current ASP.NET thread [3] in
the AuthenticateRequest event handler in the global.asax file [4]
I can send you some code if you want,
Ramiro Calderon
MCAD MCSD
[1] ms-help://MS.VSCC/MS.MSDNVS/cpguide/html/cpconrole-basedsecurity.htm
[2]
ms-help://MS.VSCC/MS.MSDNVS/cpref/html/frlrfSystemSecurityPrincipalIPrincipa
lClassTopic.htm
[3]
ms-help://MS.VSCC/MS.MSDNVS/cpref/html/frlrfSystemThreadingThreadClassCurren
tPrincipalTopic.htm
[4]
ms-help://MS.VSCC/MS.MSDNVS/cpref/html/frlrfSystemWebHttpApplicationClassAut
henticateRequestTopic.htm
"|{evin" <You@dont.need> wrote in message
news:mbhv4vgl7cq012a1s512dvpad7t62726cu@4ax.com...
>
> Greetings, I've been googling for about an hour now and I
> think I may be more confused than when I started. What I'd like to be
> able to do is (for simplicity's sake) the following:
>
> Have a SQL table, say 3 fields.. username, password, role
> Have 2 subdirectories.. say manage_tickets and user_maint
>
> Is it possible (and if so, some links or code snippets would be
> greatly appreciated) to be able to say that only people in the
> 'technician' or 'admin' roles have access to the 'manage_tickets'
> folder and that only the 'admin' role has access to the 'user_maint'
> folder?
>
> I'd like to be able to manage user account from within the app, so
> hard-coding user names into the web.config looks to be out. I want to
> be able to create a record in SQL 'bob', 'mypassword', 'technician'
> and poof! 'bob' has access to 'manage_tickets'.
>
> Maybe I should go have some coffee....
>
- Next message: AnandVishy: "CAS policy in ASP.NET"
- Previous message: Guogang: "Use Roles with Forms auth ans SQL?"
- In reply to: |{evin: "Use Roles with Forms auth ans SQL?"
- Next in thread: |{evin: "Re: Use Roles with Forms auth ans SQL?"
- Reply: |{evin: "Re: Use Roles with Forms auth ans SQL?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
