Ask a Question related to ASP.NET Security, Design and Development.
-
dave #1
Role Based Solution - Help
Hi
I am trying to decide on the best way to implement a role based security
solution for a dotNET website.
I am keen to use the Identities, roles and principals provided with dotnet
framework, but i am unsure how to implement the following scenario and
wondered if someone could shed some light on the best way to do so in a VB
manner.
Situation:
A logged on user can have different roles for the many different companies
he is asisgned to administer, eg:
Company A - he can add, amend staff
Company B - he can only amend staff
Company C - he can only view staff details
(only showing three companies here, but there could be any number of
companies he, or others, are assigned to - and many areas of functionality)
My initial thought was that once he had logged in i would pick up from a
permissions table the companies he has been assigned to and his respective
permission(s) for each company into a multi-dimensional array.
On each page that required it - I would have to loop the permissions to see
if they can carry out that particular task for a particular company and
enable/disable the controls thereafter.
As i say i like the idea of using the frameworks identities, roles, etc but
aware that i could realistically on store one set of permissions for one
company within this without implementing my own subclass.
Can anyone suggest which way would be the best to implement and any links to
example VB code? Eg, if i was to go for the multi-array where is the best
place initialise it and store it for global access for that persons session.
I am pretty new to the dotnet arena and want to make sure i use the most
scalable solution using what is now available in dotnet - trouble is i need
to get onto this quickly and cant seem to read all the dotnet books i have
quickly enough..... So hoping someone can help me jump start this!
Many thanks in advance!
dave Guest
-
Do I need Role Based Security
Corinna, In your example i'd say its not necessary to use role-based security. Since there's only 1 level of membership as you say then all I... -
Role-Based Authorization
I am using ASP.NET and Access as the database. I would like to use role-based authorization for the login page. Can anyone help me? -
Reg Role BAsed security..
Hi All.. Can any body detail out the basic diff/advatages/disadvantage over acheiving the role based security and the same thing in case of... -
Help please with Role based security not working.
Hello All, I am trying to use the .Net built in role based security. It is not working. The web config has the following; <authorization> ... -
S Gopikrishna #2 Re : Role Based Solution - Help
The Best bet would be to use Forms Authentication along
with Roles stored in DB. Check out the folllowing link
[url]http://www.4guysfromrolla.com/webtech/121901-1.shtml[/url]
- Gopi
role based security>-----Original Message-----
>Hi
>
>I am trying to decide on the best way to implement aprovided with dotnet>solution for a dotNET website.
>
>I am keen to use the Identities, roles and principalsfollowing scenario and>framework, but i am unsure how to implement theway to do so in a VB>wondered if someone could shed some light on the bestdifferent companies>manner.
>
>Situation:
>
>A logged on user can have different roles for the manyany number of>he is asisgned to administer, eg:
> Company A - he can add, amend staff
> Company B - he can only amend staff
> Company C - he can only view staff details
>
>(only showing three companies here, but there could beareas of functionality)>companies he, or others, are assigned to - and manywould pick up from a>
>My initial thought was that once he had logged in iand his respective>permissions table the companies he has been assigned toarray.>permission(s) for each company into a multi-dimensionalpermissions to see>
>On each page that required it - I would have to loop theparticular company and>if they can carry out that particular task for aidentities, roles, etc but>enable/disable the controls thereafter.
>
>As i say i like the idea of using the frameworkspermissions for one>aware that i could realistically on store one set ofimplement and any links to>company within this without implementing my own subclass.
>
>Can anyone suggest which way would be the best towhere is the best>example VB code? Eg, if i was to go for the multi-arraythat persons session.>place initialise it and store it for global access forsure i use the most>
>I am pretty new to the dotnet arena and want to maketrouble is i need>scalable solution using what is now available in dotnet -dotnet books i have>to get onto this quickly and cant seem to read all thestart this!>quickly enough..... So hoping someone can help me jump>
>Many thanks in advance!
>
>
>
>.
>S Gopikrishna Guest
-
dave #3 Re: Role Based Solution - Help
Thanks for that - i have actually read that and understand the idea behind
it, but how could i extend that so that i could store (for example) three
(or more) sets of roles for different companies a person has been assigned
to.
Eg, if he clicks on Company A in list then it will find the permissions
allowed for that company, ie can only amend the details, but then if he
clicks on Company B he can amend, add and delete.
Is it possible to store a multi-dimensional array in a CurrentPrinicipals
roles, as i dont want to have to do a DB lookup every time.
If it is possible to store a multi-dim array, then how would i loop through
it using
"IsInRole()" method - eg finding out if he can amend details for comany ID
1.
Thanks in advance!
"S Gopikrishna" <sgkishen@yahoo.com> wrote in message
news:058301c3a4e2$c4e741c0$a501280a@phx.gbl...> The Best bet would be to use Forms Authentication along
> with Roles stored in DB. Check out the folllowing link
>
> [url]http://www.4guysfromrolla.com/webtech/121901-1.shtml[/url]
>
> - Gopi
>
>> role based security> >-----Original Message-----
> >Hi
> >
> >I am trying to decide on the best way to implement a> provided with dotnet> >solution for a dotNET website.
> >
> >I am keen to use the Identities, roles and principals> following scenario and> >framework, but i am unsure how to implement the> way to do so in a VB> >wondered if someone could shed some light on the best> different companies> >manner.
> >
> >Situation:
> >
> >A logged on user can have different roles for the many> any number of> >he is asisgned to administer, eg:
> > Company A - he can add, amend staff
> > Company B - he can only amend staff
> > Company C - he can only view staff details
> >
> >(only showing three companies here, but there could be> areas of functionality)> >companies he, or others, are assigned to - and many> would pick up from a> >
> >My initial thought was that once he had logged in i> and his respective> >permissions table the companies he has been assigned to> array.> >permission(s) for each company into a multi-dimensional> permissions to see> >
> >On each page that required it - I would have to loop the> particular company and> >if they can carry out that particular task for a> identities, roles, etc but> >enable/disable the controls thereafter.
> >
> >As i say i like the idea of using the frameworks> permissions for one> >aware that i could realistically on store one set of> implement and any links to> >company within this without implementing my own subclass.
> >
> >Can anyone suggest which way would be the best to> where is the best> >example VB code? Eg, if i was to go for the multi-array> that persons session.> >place initialise it and store it for global access for> sure i use the most> >
> >I am pretty new to the dotnet arena and want to make> trouble is i need> >scalable solution using what is now available in dotnet -> dotnet books i have> >to get onto this quickly and cant seem to read all the> start this!> >quickly enough..... So hoping someone can help me jump> >
> >Many thanks in advance!
> >
> >
> >
> >.
> >
dave Guest
Reply With QuoteSimilar Questions and Discussions
Posting Permissions
- You may not post new threads
- You may post replies
- You may not post attachments
- You may not edit your posts
