What is the best approach?

G

Guest

Hello, friends,

I implemented Forms Authentication in my asp.net app, it worked fine.
However, now I have another problem:

Although a user can be authenticated, but he/she may still not be allowed to
view certain pages and folders. For exampl, a junior member can not view
pages for senior memebers, although he/she can log into the web site.

<authorization> in web.config seems a good approach. However, it needs
either to enumerate all users in <allow> or <deny>, or to add users to a
predefined role, say "Junior" or "Senior". All these will be done manually.
Unless there is an automatic way, this is NOT good to us since we need our
new members to access proper pages right after they register. We do not check
our database every minute to see if there are new registered members, and
manually add them. Moreover, a new member may register in midnight or
holidays: We can NOT tell him/her to wait until we have someone to add
his/her name into <authorization> or into a role.

What is the best approach to do this?

Any reference papers, sample code? Thanks.
 
S

Stan

You need to write some code to do that...

Basically you need to store the menu/page/users in the database
and have you menu generated based on this database.

This menu code should not constantly hit the database, you need to cach it
and invalidate cash if the database changes (you can do this easy in ASP.NET
2.0)

You cannot personalize your site with <authorization> element unless you put
related pages in the separate folders and have a separate web.config with
<autorization> in each folder.

Good starting reference is "Designing Application-Managed Authorization"
which you can lookup on MSDN site

Good luck,

-Stan
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

An embeddable job widget showing job listings discussion of an approach 0
What is the best approach? 12
What is the most astounding C++ syntax construct? 0
What code do I add / overwrite so that the ebDriver' object has no attribute 'find_element_by_css_selector error is gone ? 0
What is the best approach? 0
What is the best approach? 1
Problem with a login script, SESSION user rights and put this together so it works with the other pages and MySQL. Code examples. 2
Which Is the Best Approach? 2

Members online

Total: 77 (members: 1, guests: 76)
Robots: 403

Forum statistics

Threads
473,994
Messages
2,570,223
Members
46,814
Latest member
SpicetreeDigital

Latest Threads

Top