L
Larry Rekow
I created a web application in classic ASP 6 months ago that had a
login page which would only allow certain users to add, update or
delete files from 6 different departments. (Windows 2000 server, NTFS,
IIS5, not using Active Directory. After users are challenged for basic
windows authentication, they get to the login page.)
At the time, I set-up an Access db and a manager's page to add, delete
and modify the permissions of users. When a user would login, a string
would be put into their session variable showing which departments
they had permission to use. the string was something like: 0010100
where the first "0" meant they didn't have permission to department 1,
but, in this case, they DID have permission to departments 3 and 5.
They have 6 departments...the seventh digit was to show they had
permission to all departments.
Anyhow, at the top of each department page where a user could do any
adding or deleting or updating, i put an include file that would
redirect them to the login page if they didn't have the correct string
for that department in their session variable.
Works fine (tho some don't like having to login again after the
session times out), but I'm now wanting to re-write this app in
ASP.Net, and would like to find a more elegant approach to this. New
to ASP.Net; not looking for code, just some direction for a better
solution. Any ideas appreciated.
Thanks,
Larry Rekow
- - - - - - - - - - - - - - - - - -
"Forget it, Jake. It's Chinatown."
login page which would only allow certain users to add, update or
delete files from 6 different departments. (Windows 2000 server, NTFS,
IIS5, not using Active Directory. After users are challenged for basic
windows authentication, they get to the login page.)
At the time, I set-up an Access db and a manager's page to add, delete
and modify the permissions of users. When a user would login, a string
would be put into their session variable showing which departments
they had permission to use. the string was something like: 0010100
where the first "0" meant they didn't have permission to department 1,
but, in this case, they DID have permission to departments 3 and 5.
They have 6 departments...the seventh digit was to show they had
permission to all departments.
Anyhow, at the top of each department page where a user could do any
adding or deleting or updating, i put an include file that would
redirect them to the login page if they didn't have the correct string
for that department in their session variable.
Works fine (tho some don't like having to login again after the
session times out), but I'm now wanting to re-write this app in
ASP.Net, and would like to find a more elegant approach to this. New
to ASP.Net; not looking for code, just some direction for a better
solution. Any ideas appreciated.
Thanks,
Larry Rekow
- - - - - - - - - - - - - - - - - -
"Forget it, Jake. It's Chinatown."