Re: What is the best approach?

• From: Dominick Baier [DevelopMentor] <dbaier@xxxxxxxxxxxxxxxxxxxxxxxxxxxxx>
• Date: Wed, 21 Dec 2005 13:07:38 -0800

Hello Andrew,

why not add them to a role programmatically upon registration?
---------------------------------------
Dominick Baier - DevelopMentor
http://www.leastprivilege.com

That is not good to us:

After a user (a Junior) registered in my website, he/she should be
able to access all pages, except pages for Senior members, right away.

He/she can not wait for us to manually add them into a role, because
we may not check new member for days.

Any other automatic ways? Thanks...

"Dominick Baier [DevelopMentor]" wrote:

Hello Andrew,

right

also read this:
http://www.leastprivilege.com/ASPNETAuthorizationSettings.aspx
---------------------------------------
Dominick Baier - DevelopMentor
http://www.leastprivilege.com

<configuration>
<system.web>
<authorization>
<deny users="*"/>
<allow roles="Admins"/>
</authorization>
</system.web>
</configuration>
this requires me "manually" add each new registered members into a
predefined role, say "Junior", "Senior", right?
"Dominick Baier [DevelopMentor]" wrote:

Hello Andrew,

have a look at the <authorization> element in web.config.

---------------------------------------
Dominick Baier - DevelopMentor
http://www.leastprivilege.com

Hello, friends,

I implemented Forms Authentication in my asp.net app, it worked
fine. However, now I have another problem:

Although a user can be authenticated, but he/she may still not be
allowed to view certain pages and folders. For exampl, a junior
member can not view pages for senior memebers, although he/she can
log into the web site. What is the best approach to do this?

Any reference papers, sample code? Thanks.

.

• Follow-Ups:
  • Re: What is the best approach?
    • From: Patrick Allmond - Focus Consulting Inc
  • Re: What is the best approach?
    • From: Andrew

• Prev by Date: Re: What is the best approach?
• Next by Date: ASP.NET Authentication
• Previous by thread: Re: What is the best approach?
• Next by thread: Re: What is the best approach?
• Index(es):
  • Date
  • Thread

Relevant Pages Re: What is the best approach? ... Dominick Baier - DevelopMentor ... this requires me "manually" add each new registered members into a predefined role, say "Junior", "Senior", right? ... (microsoft.public.dotnet.framework.aspnet.security) Re: What is the best approach? ... Dominick Baier - DevelopMentor ... this requires me "manually" add each new registered members into a predefined role, say "Junior", "Senior", right? ... (microsoft.public.dotnet.framework.aspnet.security) Re: Roles not working the way I expected.... any help appreciated. ... Dominick Baier - DevelopMentor ... What I want is for only members of the Members Role to have access to ... (microsoft.public.dotnet.framework.aspnet.security) Re: Global Security Group members disappear ... have two DCs and when the members disappear from one DC they disappear from ... Security Enabled Global Group Member Removed: ... Target Account Name: Students ... Caller User Name: SENIOR$ ... (microsoft.public.windows.server.active_directory) Re: driving ban question ... >> senior IAM members who are members of this newsgroup would be proud ... I wasn't aware that any "more senior" IAM ... > members _are_ members of this newsgroup. ... (uk.rec.driving)

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint