Re: Role based security
From: Joe Kaplan \(MVP - ADSI\) (joseph.e.kaplan_at_removethis.accenture.com)
Date: 09/27/04
- Next message: Dominick Baier: "Security Exception"
- Previous message: exBK: "Role based security"
- In reply to: exBK: "Role based security"
- Next in thread: Daniel Fisher\(lennybacon\): "Re: Role based security"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Mon, 27 Sep 2004 15:13:14 -0500
There are really two steps:
1. You need to ensure that the authentication system you are using
(Windows/Forms/etc.) is building the correct IPrincipal objects in .NET that
contain the roles you want to validate against. Windows will use
domain/machine groups for role names and Forms is completely
application-specific.
2. You need to restrict access to the pages using either location tags in
your web.config combined with the authorization tag (also known as the
UrlAuthorizationModule) or do declarative or imperative checks in your code,
possibly using the Page.Load event handler or something like that. The code
solution may give you more control over what happens for unauthorized users
as you can use it for selective rendering or custom error redirection or
whatever, but either approach will work. It largely depends on your needs.
Joe K.
"exBK" <exBK@discussions.microsoft.com> wrote in message
news:5EE4A3AA-F292-462D-AB88-DFB057FB51B8@microsoft.com...
> Hi,
> I have several web pages in my app and would like to restrict certain
> users
> from accessing certain pages. Can you provide me any pointers on how to
> implement a role based security so that a page is displayed only to a
> certain
> role? TIA.
>
- Next message: Dominick Baier: "Security Exception"
- Previous message: exBK: "Role based security"
- In reply to: exBK: "Role based security"
- Next in thread: Daniel Fisher\(lennybacon\): "Re: Role based security"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
