Re: Dynamic page security authorization?

From: Dominick Baier [DevelopMentor] (dbaier_at_pleasepleasenospamdevelop.com)
Date: 08/31/05


Date: Wed, 31 Aug 2005 03:56:26 -0700

Hello Craig,

The Authorize_Request event in the HttpPipeline is what you are looking for.
Here you get information like the identity of the user, his role memberships
and the requested resource. You can dynamically determine if the user is authorized
and cancel the request/pass back 401 if you like.

---------------------------------------
Dominick Baier - DevelopMentor
http://www.leastprivilege.com

> Hey,
>
> My client wants to implement some sort of dynamic location role-based
> security rule for a web app. Normally, in my web.config, I define the
> location authorization rules such as:
>
> <location path="WebForm.aspx">
>   <system.web>
>     <authorization><allow roles="Employee" /></authorization>
>   </system.web>
> </location>
>
> However, he wants to build an admin page that will keep track of pages
> and role access in a database.
>
> How can you implement this sort of 'dynamic page authorization'?
> Obviously, I can't define the rules in the web.config anymore.
>
> Anybody have any ideas? Is it possible to add these rules at runtime?
> Thanks
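
A sketch of the approach described in the reply, added here as an example and not code from either poster: an IHttpModule that hooks AuthorizeRequest and checks the requested page against stored role rules. The class name, the in-memory `PageRoles` table (standing in for the database the question mentions), the second sample page and the 403 response for signed-in users are assumptions.

```csharp
using System;
using System.Collections.Generic;
using System.Web;

// Hypothetical module: looks up the roles allowed for the requested page
// and rejects the request during AuthorizeRequest.
public class DbPageAuthorizationModule : IHttpModule
{
    // Constructed sample data standing in for the admin-managed database table
    // (page path -> roles). A real lookup would query and cache that table.
    static readonly Dictionary<string, string[]> PageRoles =
        new Dictionary<string, string[]>(StringComparer.OrdinalIgnoreCase)
        {
            { "~/WebForm.aspx", new[] { "Employee" } },
            { "~/Admin/Pages.aspx", new[] { "Administrator" } }
        };

    public void Init(HttpApplication app)
    {
        app.AuthorizeRequest += OnAuthorizeRequest;
    }

    void OnAuthorizeRequest(object sender, EventArgs e)
    {
        HttpApplication app = (HttpApplication)sender;
        HttpContext ctx = app.Context;

        // Use the resolved handler path, not the raw URL, so extra path info
        // or casing differences do not miss the rule.
        string path = ctx.Request.AppRelativeCurrentExecutionFilePath;

        string[] roles;
        if (!PageRoles.TryGetValue(path, out roles))
            return; // no rule stored: leave the decision to the web.config rules

        bool authenticated = ctx.User != null && ctx.User.Identity.IsAuthenticated;
        if (authenticated)
        {
            foreach (string role in roles)
                if (ctx.User.IsInRole(role)) return; // allowed
        }

        // 401 asks for credentials; 403 tells a known user the page is off limits.
        ctx.Response.StatusCode = authenticated ? 403 : 401;
        app.CompleteRequest();
    }

    public void Dispose() { }
}
```

The module is registered under `<httpModules>` in web.config. Pages without a stored rule pass through here, so a deny-by-default policy would replace the early `return` with the rejection path.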