Re: What is the best approach?
- From: "Joe Kaplan (MVP - ADSI)" <joseph.e.kaplan@xxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Wed, 21 Dec 2005 15:51:25 -0600
I think a Google search on "designing role-based authorization .NET" will
get you started. There are also many great books around.
Joe K.
"Andrew" <Andrew@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:047C97DD-C10F-4765-B8CA-7E0C8DD80CD5@xxxxxxxxxxxxxxxx
> any reference papers that contain more details on what you mentioned?
>
> thanks...
>
> "Joe Kaplan (MVP - ADSI)" wrote:
>
>> This depends on how your roles are being generated and how your identity
>> lifecycle works. For example, if you store your users in SQL and keep your
>> role definitions in SQL, then the user would just need to do something that
>> would trigger their addition to the new role. Then, a new logon should give
>> them the new role.
>>
>> If you were using Windows authentication, then the role membership would
>> come directly from the user's AD groups.
>>
>> The bottom line is that you can make it work however you want. The key is
>> getting the users in the right roles and having that data provided to the
>> forms authentication system. The <authorization> element is just a nice way
>> to declaratively determine who gets access to what using the built-in
>> UrlAuthorizationModule.
>>
>> Joe K.
>>
>> "Andrew" <Andrew@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
>> news:E29C5839-EA3F-4CEB-B334-6C9CF512E497@xxxxxxxxxxxxxxxx
>> > That is not good to us:
>> >
>> > After a user (a Junior) registered in my website, he/she should be able to
>> > access all pages, except pages for Senior members, right away.
>> >
>> > He/she can not wait for us to manually add them into a role, because we may
>> > not check new members for days.
>> >
>> > Any other automatic ways? Thanks...
>> >
>> > "Dominick Baier [DevelopMentor]" wrote:
>> >
>> >> Hello Andrew,
>> >>
>> >> right
>> >>
>> >> also read this:
>> >> http://www.leastprivilege.com/ASPNETAuthorizationSettings.aspx
>> >> ---------------------------------------
>> >> Dominick Baier - DevelopMentor
>> >> http://www.leastprivilege.com
>> >>
>> >> > <configuration>
>> >> >   <system.web>
>> >> >     <authorization>
>> >> >       <!-- rules are checked top-down and the first match wins,
>> >> >            so the allow must come before the catch-all deny -->
>> >> >       <allow roles="Admins"/>
>> >> >       <deny users="*"/>
>> >> >     </authorization>
>> >> >   </system.web>
>> >> > </configuration>
>> >> >
>> >> > this requires me to "manually" add each new registered member into a
>> >> > predefined role, say "Junior", "Senior", right?
>> >> >
>> >> > "Dominick Baier [DevelopMentor]" wrote:
>> >> >
>> >> >> Hello Andrew,
>> >> >>
>> >> >> have a look at the <authorization> element in web.config.
>> >> >>
>> >> >> ---------------------------------------
>> >> >> Dominick Baier - DevelopMentor
>> >> >> http://www.leastprivilege.com
>> >> >>> Hello, friends,
>> >> >>>
>> >> >>> I implemented Forms Authentication in my asp.net app, it worked
>> >> >>> fine. However, now I have another problem:
>> >> >>>
>> >> >>> Although a user can be authenticated, he/she may still not be
>> >> >>> allowed to view certain pages and folders. For example, a junior
>> >> >>> member can not view pages for senior members, although he/she can
>> >> >>> log into the web site. What is the best approach to do this?
>> >> >>>
>> >> >>> Any reference papers, sample code? Thanks.
>> >> >>>
>> >>
>> >>
>> >>
>>
>>
>>
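Added example, not part of the thread or any poster's code: one way to put a newly registered member into the Junior role without an administrator, by carrying the roles in the forms authentication ticket so the <authorization> rules can check them. The class name RoleTicket, the ~/Senior folder, the "|" separator (role names must not contain it) and the 30-minute lifetime are assumptions.

```csharp
// Added example (not from the thread). Assumed web.config layout: senior pages
// live under ~/Senior, and the rules are ordered allow-then-deny because
// UrlAuthorizationModule stops at the first rule that matches:
//   <location path="Senior"><system.web><authorization>
//     <allow roles="Senior"/> <deny users="*"/>
//   </authorization></system.web></location>
using System;
using System.Security.Principal;
using System.Web;
using System.Web.Security;

public static class RoleTicket   // hypothetical helper name
{
    // Call right after registration succeeds (roles = {"Junior"}) and after
    // every normal logon (roles read from your own user store).
    public static void SignIn(HttpResponse response, string userName, string[] roles)
    {
        FormsAuthenticationTicket ticket = new FormsAuthenticationTicket(
            1, userName, DateTime.Now, DateTime.Now.AddMinutes(30),
            false,                      // session cookie, not persistent
            string.Join("|", roles));   // roles ride in the encrypted UserData
        HttpCookie cookie = new HttpCookie(
            FormsAuthentication.FormsCookieName, FormsAuthentication.Encrypt(ticket));
        cookie.HttpOnly = true;                      // keep it away from script
        cookie.Secure = FormsAuthentication.RequireSSL;
        cookie.Path = FormsAuthentication.FormsCookiePath;
        response.Cookies.Add(cookie);
    }

    // Call from Application_AuthenticateRequest in Global.asax so the roles
    // are on Context.User before UrlAuthorizationModule evaluates the rules.
    public static void AttachRoles(HttpContext context)
    {
        FormsIdentity identity = context.User == null
            ? null : context.User.Identity as FormsIdentity;
        if (identity == null || !identity.IsAuthenticated) return;
        // Roles come only from the decrypted, validated ticket, never from
        // a query string, form field or separate unprotected cookie.
        string[] roles = identity.Ticket.UserData.Split(
            new char[] { '|' }, StringSplitOptions.RemoveEmptyEntries);
        context.User = new GenericPrincipal(identity, roles);
    }
}
```

Because the roles are fixed when the ticket is issued, a promotion to Senior takes effect at the member's next logon, as noted in the thread.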