Re: What is the best approach?
Hello Andrew,
where are your roles stored?
---------------------------------------
Dominick Baier - DevelopMentor
http://www.leastprivilege.com
good idea, and how, :-)
any sample source code or reference papers?
thanks....
"Dominick Baier [DevelopMentor]" wrote:
Hello Andrew,
why not add them to a role programmatically upon registration?
---------------------------------------
Dominick Baier - DevelopMentor
http://www.leastprivilege.com
That is not good to us:
After a user (a Junior) registered in my website, he/she should be
able to access all pages, except pages for Senior members, right
away.
He/she can not wait for us to manually add them into a role, because
we may not check new member for days.
Any other automatic ways? Thanks...
"Dominick Baier [DevelopMentor]" wrote:
Hello Andrew,
right
also read this:
http://www.leastprivilege.com/ASPNETAuthorizationSettings.aspx
---------------------------------------
Dominick Baier - DevelopMentor
http://www.leastprivilege.com
<configuration>
<system.web>
<authorization>
<deny users="*"/>
<allow roles="Admins"/>
</authorization>
</system.web>
</configuration>
this requires me "manually" add each new registered members into a
predefined role, say "Junior", "Senior", right?
"Dominick Baier [DevelopMentor]" wrote:
Hello Andrew,
have a look at the <authorization> element in web.config.
---------------------------------------
Dominick Baier - DevelopMentor
http://www.leastprivilege.com
Hello, friends,
I implemented Forms Authentication in my asp.net app, it worked
fine. However, now I have another problem:
Although a user can be authenticated, but he/she may still not
be allowed to view certain pages and folders. For exampl, a
junior member can not view pages for senior memebers, although
he/she can log into the web site. What is the best approach to
do this?
Any reference papers, sample code? Thanks.
.
Relevant Pages
- Re: What is the best approach?
... Dominick Baier - DevelopMentor ... this requires me "manually" add each new registered members into a predefined role, say "Junior", "Senior", right? ...
(microsoft.public.dotnet.framework.aspnet.security) - Re: What is the best approach?
... Dominick Baier - DevelopMentor ... able to access all pages, except pages for Senior members, right away. ...
(microsoft.public.dotnet.framework.aspnet.security) - Re: Securing static files
... Dominick Baier - DevelopMentor ... they are kicked back to the login page. ... The user may log in with other credentials. ...
(microsoft.public.dotnet.framework.aspnet.security) - Re: How to determine if the logged on user is in a group
... Dominick Baier - DevelopMentor ... I found that you to reboot the SERVER after you create a new group and put users in it so that the new group and the users appear in the whoami list on the server. ... although he is a member of these groups. ...
(microsoft.public.dotnet.security) - Re: HOWTO: Prevent Dynamic Loading of internal Types
... Dominick Baier - DevelopMentor ... Henning Krause ... I could get the public key from the entry assembly via ...
(microsoft.public.dotnet.security) |
|
