Re: Roles - Access Rule Storage
- From: "Joe Kaplan \(MVP - ADSI\)" <joseph.e.kaplan@xxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Wed, 9 Aug 2006 20:45:06 -0500
You might also want to look at the Authorization Manager (AzMan) API if you
want something very flexible and powerful for doing role-based authorization
in an application. I'm not exactly sure how I would apply it given what I
know about your app (not much :)), but it is good to know about.
Joe K.
--
Joe Kaplan-MS MVP Directory Services Programming
Co-author of "The .NET Developer's Guide to Directory Services Programming"
http://www.directoryprogramming.net
--
"Matt" <mdframe@xxxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:uUC4Tw$uGHA.4436@xxxxxxxxxxxxxxxxxxxxxxx
Joe,
WOW, quick response!
You hit the nail on the head. I want to use a table for URL and file
authorization. I have read a ton about Membership and Roles and custom
providers and not one mentioned the UrlAuthorizationModule. I will look
into finding the namespace to find the dll and definitly will fire up
reflector to see what is going on.
I am working on an application that 42 different organization units will be
using from the same site and none of them want to use the same role names.
I began thinking that even if they only have 5 roles per organization that
it will become a nightmare to maintain the roles via web.config files.
Thanks again,
Matt
"Joe Kaplan (MVP - ADSI)" <joseph.e.kaplan@xxxxxxxxxxxxxxxxxxxxxxxx> wrote
in message news:uybUgq$uGHA.3964@xxxxxxxxxxxxxxxxxxxxxxx
Are you talking about the roles that are applied to the user who is
authenticated, or are you talking about the authorization policy that is
applied to any given URL in terms of who can access it?
If you want to make the latter dynamic, you can just code this in your pages
directly or write your own HTTP Module that does it. If you look at the
(use Reflector to see the code), you can see how it
reads in the authorization configuration applied to the current URL path and
then decides whether the current user has access or not. You could do the
exact same thing in your module, but store the authorization policy in the
database instead and look it up by URL or something. After that, applying
the policy and doing the proper responses is easy and something you could
basically copy from Microsoft's code.
Joe K.
--
Joe Kaplan-MS MVP Directory Services Programming
Co-author of "The .NET Developer's Guide to Directory Services Programming"
http://www.directoryprogramming.net
--
"Matt" <mdframe@xxxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:uZRFch$uGHA.1956@xxxxxxxxxxxxxxxxxxxxxxx
Can anyone tell me if is is possible to override how a web application
stores/retrieves the Access Rules for roles? Instead of using the
web.config to store the following:
<system.web>
<authorization>
<allow roles="Admin" />
</authorization>
</system.web>
I would like to store this information in a database table and have the
system pull the access role from the table when needed.
Thanks,
Matt
.
- References:
- Roles - Access Rule Storage
- From: Matt
- Re: Roles - Access Rule Storage
- From: Joe Kaplan \(MVP - ADSI\)
- Roles - Access Rule Storage
- Prev by Date: Help needed in finding the right place to start
- Next by Date: Re: Help needed in finding the right place to start
- Previous by thread: Re: Roles - Access Rule Storage
- Next by thread: Re: Roles - Access Rule Storage
- Index(es):
Relevant Pages
|
