Need advice on handling security


Bill Gower

I am validating the users of my web app against a user database in SQL
Server. I then store the user object in a session variable and pass it
around to the various forms. I have a field in the user object called Role
that either holds the value "BusinessAgent" or "Administrator". The role
type determines what forms the user can access and certain privileges in
forms. I have menus on a master page but I don't want to hide menu items
depending on the role type. I would like, in the page load of each form, to
look at the role type and determine whether they have permission to the form;
otherwise, alert them to the fact that the form is for administrators only.
What is the best way to do this?

Bill
 

Guest


Hi Bill

You can check it in the code-behind:

    If Not User.IsInRole("Administrator") Then
        Response.Write("Only administrators can see this form")
        Response.End() ' stop processing so the rest of the form is not rendered
    End If

You can set permissions in web.config:

    <location path="admin.aspx">
      <system.web>
        <authorization>
          <allow roles="Administrator" />
          <deny users="*" />
        </authorization>
      </system.web>
    </location>

Hope this helps
 

Guest


P.S. I assume that you created a FormsAuthenticationTicket with roles
and assigned it to the user
 
