Re: What is the best approach?



If you add someone automatically to a role upon registration, then I almost
don't even see a need for a role. If everybody gets it there is no need to
deny access to it. So that part of the application would have no authority
checking at all. Almost like creating and maintaining a role called "Every
Single User". If everybody gets that role, what is the point of having the
role?

This may be my ignorance. Feel free to bust me wide open.

Patrick

"Dominick Baier [DevelopMentor]" <dbaier@xxxxxxxxxxxxxxxxxxxxxxxxxxxxx>
wrote in message news:4580be63174a028c7d49216d03feb@xxxxxxxxxxxxxxxxxxxxx
> Hello Andrew,
>
> why not add them to a role programmatically upon registration?
> ---------------------------------------
> Dominick Baier - DevelopMentor
> http://www.leastprivilege.com
>
>> That is not good to us:
>>
>> After a user (a Junior) registered in my website, he/she should be
>> able to access all pages, except pages for Senior members, right away.
>>
>> He/she can not wait for us to manually add them into a role, because
>> we may not check new members for days.
>>
>> Any other automatic ways? Thanks...
>>
>> "Dominick Baier [DevelopMentor]" wrote:
>>
>>> Hello Andrew,
>>>
>>> right
>>>
>>> also read this:
>>> http://www.leastprivilege.com/ASPNETAuthorizationSettings.aspx
>>> ---------------------------------------
>>> Dominick Baier - DevelopMentor
>>> http://www.leastprivilege.com
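>>>> <configuration>
>>>>   <system.web>
>>>>     <authorization>
>>>>       <!-- rules are evaluated top-down and the first match wins,
>>>>            so the allow must precede the catch-all deny -->
>>>>       <allow roles="Admins"/>
>>>>       <deny users="*"/>
>>>>     </authorization>
>>>>   </system.web>
>>>> </configuration>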
>>>> this requires me to "manually" add each newly registered member into a
>>>> predefined role, say "Junior", "Senior", right?
>>>> "Dominick Baier [DevelopMentor]" wrote:
>>>>
>>>>> Hello Andrew,
>>>>>
>>>>> have a look at the <authorization> element in web.config.
>>>>>
>>>>> ---------------------------------------
>>>>> Dominick Baier - DevelopMentor
>>>>> http://www.leastprivilege.com
>>>>>> Hello, friends,
>>>>>>
>>>>>> I implemented Forms Authentication in my asp.net app, it worked
>>>>>> fine. However, now I have another problem:
>>>>>>
>>>>>> Although a user can be authenticated, he/she may still not be
>>>>>> allowed to view certain pages and folders. For example, a junior
>>>>>> member can not view pages for senior members, although he/she can
>>>>>> log into the web site. What is the best approach to do this?
>>>>>>
>>>>>> Any reference papers, sample code? Thanks.
>>>>>>
>
>
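
Added example, not part of the original thread: one web.config layout for the scenario discussed, where every authenticated user is treated as a Junior and only the Senior area is gated by a role. The `Senior` folder, the `Senior` role name, `Login.aspx` and `Register.aspx` are assumptions made for illustration.

```xml
<configuration>
  <system.web>
    <authentication mode="Forms">
      <forms loginUrl="~/Login.aspx" />
    </authentication>
    <roleManager enabled="true" />

    <!-- Site-wide rule: "?" means anonymous users. Denying them leaves the
         site open to every authenticated user, so no "Junior" role has to
         be assigned at registration. -->
    <authorization>
      <deny users="?" />
    </authorization>
  </system.web>

  <!-- Senior-only area (assumed folder name). Rules are evaluated top-down
       and the first match wins, so the allow must precede the catch-all
       deny. A user who is authenticated but not in the Senior role falls
       through to the deny. -->
  <location path="Senior">
    <system.web>
      <authorization>
        <allow roles="Senior" />
        <deny users="*" />
      </authorization>
    </system.web>
  </location>

  <!-- The registration page (assumed name) must stay reachable by
       anonymous visitors, otherwise nobody can sign up. -->
  <location path="Register.aspx">
    <system.web>
      <authorization>
        <allow users="*" />
      </authorization>
    </system.web>
  </location>
</configuration>
```

With this layout only promotion to Senior needs an explicit role assignment; a newly registered account can use the rest of the site as soon as it logs in.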

