Another Security Question...
From: Chris Blanco (cblancoNOSPAM@necam.com)
Date: 03/25/03
- Next message: Khoi Ha: "Cookie per user login"
- Previous message: David Dabbs: "Forms Authentication behavior on request denial"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: "Chris Blanco" <cblancoNOSPAM@necam.com> Date: Tue, 25 Mar 2003 14:24:01 -0500
First off let me say that this has been the most helpful ASP.NET newsgroup
that I have found, thanks for all the good answers.
I am developing a custom Principal and Identity for a large Application. It
is going to be used to drill a little further down than roles, so that I can
limit parts of my code to certain access rights (In my design, roles are
made up from a bunch of rights. The rights are defined by me, but can be
moved and deleted from role to role by the end user, so I need something
very flexible). My custom Identity holds all the specific access rights and
roles a user has, so I will be able to check the Threads current principal
to find an access right. I have the Principal and Identity up and running,
but I am having trouble developing an attribute similar to [SecurityRole] or
[PrincipalPermission] that will take an access right instead of a Role.
For example I would like to do something like this.
[NeedsRight("SFCEdit")]
bool ChangeSFC(string strSFc)
{...}
Where if the user does not have the right specified by NeedsRight I will be
able to prevent him from entering that function. How does this work? I know
how to write a custom attribute I just don't know how to prevent the user
from entering that code block. Any pointing in the right direction would be
appreciated greatly!
- Next message: Khoi Ha: "Cookie per user login"
- Previous message: David Dabbs: "Forms Authentication behavior on request denial"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
