Re: What is the best approach?



This depends on how your roles are being generated and how your identity
lifecycle works. For example, if you store your users in SQL and keep your
role definitions in SQL, then the user would just need to do something that
would trigger their addition to the new role. Then, a new logon should give
them the new role.

If you were using Windows authentication, then the role membership would
come directly from the user's AD groups.

The bottom line is that you can make it work however you want. The key is
getting the users in the right roles and having that data provided to the
forms authentication system. The <authorization> element is just a nice way
to declaratively determine who gets access to what using the built-in
UrlAuthorizationModule.

Joe K.

"Andrew" <Andrew@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:E29C5839-EA3F-4CEB-B334-6C9CF512E497@xxxxxxxxxxxxxxxx
> That is not good to us:
>
> After a user (a Junior) registered in my website, he/she should be able to
> access all pages, except pages for Senior members, right away.
>
> He/she can not wait for us to manually add them into a role, because we may
> not check new members for days.
>
> Any other automatic ways? Thanks...
>
> "Dominick Baier [DevelopMentor]" wrote:
>
>> Hello Andrew,
>>
>> right
>>
>> also read this:
>> http://www.leastprivilege.com/ASPNETAuthorizationSettings.aspx
>> ---------------------------------------
>> Dominick Baier - DevelopMentor
>> http://www.leastprivilege.com
>>
>> > <configuration>
>> > <system.web>
>> > <authorization>
>> > <allow roles="Admins"/>
>> > <deny users="*"/>
>> > </authorization>
>> > </system.web>
>> > </configuration>
>> > this requires me to "manually" add each newly registered member into a
>> > predefined role, say "Junior", "Senior", right?
>> >
>> > "Dominick Baier [DevelopMentor]" wrote:
>> >
>> >> Hello Andrew,
>> >>
>> >> have a look at the <authorization> element in web.config.
>> >>
>> >> ---------------------------------------
>> >> Dominick Baier - DevelopMentor
>> >> http://www.leastprivilege.com
>> >>> Hello, friends,
>> >>>
>> >>> I implemented Forms Authentication in my asp.net app, it worked
>> >>> fine. However, now I have another problem:
>> >>>
>> >>> Although a user can be authenticated, he/she may still not be
>> >>> allowed to view certain pages and folders. For example, a junior
>> >>> member can not view pages for senior members, although he/she can
>> >>> log into the web site. What is the best approach to do this?
>> >>>
>> >>> Any reference papers, sample code? Thanks.
>> >>>
>>
>>
>>
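
An added example, not code from any poster in this thread, of the SQL-backed approach described in the reply at the top: registration writes the role row automatically, and each request attaches the stored roles to the forms-authenticated user so that <authorization> rules can test them. The UserRoles(UserName, RoleName) table and the "AppDb" connection string name are assumptions.

```csharp
// Global.asax.cs (added example; UserRoles table and "AppDb" name are hypothetical)
using System;
using System.Collections.Generic;
using System.Configuration;
using System.Data.SqlClient;
using System.Security.Principal;
using System.Web;
using System.Web.Security;
public class Global : HttpApplication
{
    private static SqlConnection Open()
    {
        SqlConnection cn = new SqlConnection(
            ConfigurationManager.ConnectionStrings["AppDb"].ConnectionString);
        cn.Open();
        return cn;
    }
    // Registration page calls Global.AddUserToRole(name, "Junior") right after
    // creating the account, so no administrator has to assign the role.
    public static void AddUserToRole(string userName, string role)
    {
        using (SqlConnection cn = Open())
        using (SqlCommand cmd = new SqlCommand(
            "INSERT INTO UserRoles (UserName, RoleName) VALUES (@u, @r)", cn))
        {
            cmd.Parameters.AddWithValue("@u", userName);
            cmd.Parameters.AddWithValue("@r", role);
            cmd.ExecuteNonQuery();
        }
    }

    // Runs after the forms ticket is validated and before UrlAuthorizationModule
    // evaluates <authorization>, which calls IsInRole on Context.User.
    protected void Application_AuthenticateRequest(object sender, EventArgs e)
    {
        IPrincipal user = Context.User;
        if (user == null || !(user.Identity is FormsIdentity)) return;
        List<string> roles = new List<string>();
        using (SqlConnection cn = Open())
        using (SqlCommand cmd = new SqlCommand(
            "SELECT RoleName FROM UserRoles WHERE UserName = @u", cn))
        {
            cmd.Parameters.AddWithValue("@u", user.Identity.Name);
            using (SqlDataReader r = cmd.ExecuteReader())
                while (r.Read()) roles.Add(r.GetString(0));
        }
        Context.User = new GenericPrincipal(user.Identity, roles.ToArray());
    }
}
```

Because this version reads roles on every request, a later promotion to "Senior" applies on the member's next request. If the roles were cached in the authentication ticket instead, the change would only appear after a new logon.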

