Re: ASP.NET 2.0 Security - Guidance needed




"Prem Kumar" <PremKumar@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:123965E7-3A8E-4E17-9039-EF6D434A3933@xxxxxxxxxxxxxxxx
Hi

I am using the security model of ASP.NET 2.0 and am trying to do Forms
authentication in my application. I am creating the roles and the users
necessary for the application using the in-built provider model.

Now the question is

1. How to design my application to make sure that certain pages can only be
accessed by people belonging to certain roles. (Ex: A user of finance group
only can access finance related pages).

Least programming method:
1. Set up roles using the MS Role Provider
2. Add users to proper roles
3. Create a web.config file in the directory(ies) that restrict to certain roles

You can also use the menu control and restrict what they can see in the
menus (what they don't see, they are less likely to want). The web.sitemap
file contains the links for the menu.

2. Also, if the logged on user is of, say, the finance department and if there
is a generic home page for all the users, should I give the links of other
departments in this page? If provided, then what needs to be displayed when
he tries to access the page?

You have a choice. You can add templates for different roles for open pages
so only people with certain roles see certain bits.

Is there any other better way of doing this, as I am going to do this in an
enterprised architecture? Kindly let me know.

I prefer using the MS stuff, where I can, as it makes my life easier.

--
Gregory A. Beamer
MVP; MCP: +I, SE, SD, DBA

*************************************************
Think outside of the box!
*************************************************
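
The per-directory role restriction and menu trimming described in the reply above, as an added configuration sketch that is not part of the original post. The `Finance` directory and role names and `Login.aspx` are assumptions, and the `<location>` element in the root web.config is used here as the equivalent of placing the same `<authorization>` block in a web.config inside that directory.

```xml
<?xml version="1.0"?>
<!-- Root web.config (added example; directory, role and page names are hypothetical) -->
<configuration>
  <system.web>
    <!-- Forms authentication; Login.aspx is an assumed login page -->
    <authentication mode="Forms">
      <forms loginUrl="~/Login.aspx" />
    </authentication>

    <!-- Turn on the built-in role provider so roles="..." rules can be evaluated -->
    <roleManager enabled="true" />

    <!-- Site-wide default: anonymous users ("?") are sent to the login page -->
    <authorization>
      <deny users="?" />
    </authorization>

    <!-- Security trimming: Menu and SiteMapPath controls hide nodes whose
         URLs the current user is not authorized to request -->
    <siteMap defaultProvider="XmlSiteMapProvider" enabled="true">
      <providers>
        <add name="XmlSiteMapProvider"
             type="System.Web.XmlSiteMapProvider"
             siteMapFile="Web.sitemap"
             securityTrimmingEnabled="true" />
      </providers>
    </siteMap>
  </system.web>

  <!-- Same effect as a web.config placed in the Finance directory -->
  <location path="Finance">
    <system.web>
      <authorization>
        <!-- Rules are evaluated top to bottom and the first match wins,
             so the allow must come before the catch-all deny -->
        <allow roles="Finance" />
        <deny users="*" />
      </authorization>
    </system.web>
  </location>
</configuration>
```

The authorization rule is what enforces access; trimming the menu only hides the link. A user in another role who requests a finance URL directly is still refused by the `<deny users="*" />` rule and redirected to the login page.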

