ASP.NET 2.0 Security - Guidance needed

Prem Kumar

Hi

I am using the security model of ASP.NET 2.0 and am trying to do Forms
authentication in my application. I am creating the roles and the users
necessary for the application using the in-built provider model.

Now the question is

1. How to design my application, to make sure that certain pages can only be
accessed by people belonging to certain roles. (Ex: A user of finance group
only can access finance related pages).

2. Also, if the logged on user is of say finance department and if there is
a generic home page for all the users, should I give the links of other
departments in this page, if provided, then what needs to be displayed, when
he tries to access the page?

Is there any other better way of doing this, as I am going to do this in an
enterprise architecture. Kindly let me know.


Thanks
Prem
 
Cowboy (Gregory A. Beamer)

Prem Kumar said:
> Hi
>
> I am using the security model of ASP.NET 2.0 and am trying to do Forms
> authentication in my application. I am creating the roles and the users
> necessary for the application using the in-built provider model.
>
> Now the question is
>
> 1. How to design my application, to make sure that certain pages can only
> be accessed by people belonging to certain roles. (Ex: A user of finance
> group only can access finance related pages).

Least programming method:
1. Set up roles using the MS Role Provider
2. Add users to proper roles
3. Create a web.config file in the directory(ies) that restrict to certain
roles

You can also use the menu control and restrict what they can see in the
menus (what they don't see, they are less likely to want). The web.sitemap
file contains the links for the menu.

> 2. Also, if the logged on user is of say finance department and if there
> is a generic home page for all the users, should I give the links of other
> departments in this page, if provided, then what needs to be displayed,
> when he tries to access the page?

You have a choice. You can add templates for different roles for open pages
so only people with certain roles see certain bits.

> Is there any other better way of doing this, as I am going to do this in an
> enterprise architecture. Kindly let me know.

I prefer using the MS stuff, where I can, as it makes my life easier.

--
Gregory A. Beamer
MVP; MCP: +I, SE, SD, DBA

*************************************************
Think outside of the box!
*************************************************
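
The directory-level restriction and menu trimming described in the reply above, written out as an added example that is not part of the original thread. The folder name Finance, the role name Finance, the login page path and the provider name TrimmedSiteMap are assumptions made for illustration.

```xml
<!-- File 1: ~/Finance/web.config
     (folder and role names are assumptions for this example) -->
<configuration>
  <system.web>
    <authorization>
      <!-- Rules are evaluated top to bottom and the first match wins,
           so the allow must come before the catch-all deny. -->
      <allow roles="Finance" />
      <deny users="*" />
    </authorization>
  </system.web>
</configuration>

<!-- File 2: excerpt of the application root ~/web.config -->
<configuration>
  <system.web>
    <authentication mode="Forms">
      <!-- Login page path is an assumption -->
      <forms loginUrl="~/Login.aspx" />
    </authentication>
    <roleManager enabled="true" />
    <!-- Security trimming hides sitemap nodes the current user may not open.
         It only changes what the Menu control shows; the <authorization>
         rules in File 1 are what actually block the request. -->
    <siteMap defaultProvider="TrimmedSiteMap" enabled="true">
      <providers>
        <add name="TrimmedSiteMap"
             type="System.Web.XmlSiteMapProvider"
             siteMapFile="~/Web.sitemap"
             securityTrimmingEnabled="true" />
      </providers>
    </siteMap>
  </system.web>
</configuration>
```

With Forms authentication, a signed-in user outside the Finance role who requests a page under that folder is sent to the login URL rather than shown the page, so a link left visible on a shared home page still cannot be used to reach it.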