D
dave
Hi
I am trying to decide on the best way to implement a role based security
solution for a dotNET website.
I am keen to use the Identities, roles and principals provided with dotnet
framework, but i am unsure how to implement the following scenario and
wondered if someone could shed some light on the best way to do so in a VB
manner.
Situation:
A logged on user can have different roles for the many different companies
he is asisgned to administer, eg:
Company A - he can add, amend staff
Company B - he can only amend staff
Company C - he can only view staff details
(only showing three companies here, but there could be any number of
companies he, or others, are assigned to - and many areas of functionality)
My initial thought was that once he had logged in i would pick up from a
permissions table the companies he has been assigned to and his respective
permission(s) for each company into a multi-dimensional array.
On each page that required it - I would have to loop the permissions to see
if they can carry out that particular task for a particular company and
enable/disable the controls thereafter.
As i say i like the idea of using the frameworks identities, roles, etc but
aware that i could realistically on store one set of permissions for one
company within this without implementing my own subclass.
Can anyone suggest which way would be the best to implement and any links to
example VB code? Eg, if i was to go for the multi-array where is the best
place initialise it and store it for global access for that persons session.
I am pretty new to the dotnet arena and want to make sure i use the most
scalable solution using what is now available in dotnet - trouble is i need
to get onto this quickly and cant seem to read all the dotnet books i have
quickly enough..... So hoping someone can help me jump start this!
Many thanks in advance!
I am trying to decide on the best way to implement a role based security
solution for a dotNET website.
I am keen to use the Identities, roles and principals provided with dotnet
framework, but i am unsure how to implement the following scenario and
wondered if someone could shed some light on the best way to do so in a VB
manner.
Situation:
A logged on user can have different roles for the many different companies
he is asisgned to administer, eg:
Company A - he can add, amend staff
Company B - he can only amend staff
Company C - he can only view staff details
(only showing three companies here, but there could be any number of
companies he, or others, are assigned to - and many areas of functionality)
My initial thought was that once he had logged in i would pick up from a
permissions table the companies he has been assigned to and his respective
permission(s) for each company into a multi-dimensional array.
On each page that required it - I would have to loop the permissions to see
if they can carry out that particular task for a particular company and
enable/disable the controls thereafter.
As i say i like the idea of using the frameworks identities, roles, etc but
aware that i could realistically on store one set of permissions for one
company within this without implementing my own subclass.
Can anyone suggest which way would be the best to implement and any links to
example VB code? Eg, if i was to go for the multi-array where is the best
place initialise it and store it for global access for that persons session.
I am pretty new to the dotnet arena and want to make sure i use the most
scalable solution using what is now available in dotnet - trouble is i need
to get onto this quickly and cant seem to read all the dotnet books i have
quickly enough..... So hoping someone can help me jump start this!
Many thanks in advance!