webapplication with SQL-server

[Ludo VdB]

Hi,

I'm new to ASP. Currently I'm planning to develop a web application for my
company. I want to use ASP for the application and use SQL-server as the
back-end.

I want to enable a userID and password for every user. I also want to
specify permissions to parts of the application.

I have 2 scenario's for this:

I let the application handle the permissions to the different parts. I keep
the permissions in a table in the database so the application knows witch
user has access to witch part of the application. therefore I will only need
one connection to the DB.

I let the permissions handle thru the DB. The application passes through
password and userID to the DB. For every user who logons to the application,
the application will have a connection to the DB.

What's the best scenario?
Or witch scenario should I use when?



Ludo

[Jeff Cochran]

On Fri, 2 Jul 2004 14:22:42 +0200, "Ludo VdB" <ict@vagga.be> wrote:

>I'm new to ASP. Currently I'm planning to develop a web application for my
>company. I want to use ASP for the application and use SQL-server as the
>back-end.
>
>I want to enable a userID and password for every user. I also want to
>specify permissions to parts of the application.
>
>I have 2 scenario's for this:
>
>I let the application handle the permissions to the different parts. I keep
>the permissions in a table in the database so the application knows witch
>user has access to witch part of the application. therefore I will only need
>one connection to the DB.
>
>I let the permissions handle thru the DB. The application passes through
>password and userID to the DB. For every user who logons to the application,
>the application will have a connection to the DB.
>
>What's the best scenario?
>Or witch scenario should I use when?

Neither is best or worst, and assuming you're working with Windows
accounts in the same Windows domain as your app and server, using
Windows authentication might be easier for you to manage. I'd suggest
grouping access levels for convenience, so all users that need access
to part A would be in a group, part B another group, etc.

Jeff

[Bullschmidt]

Here's how I often handle login's:

ASP Design Tips - Login Page
[url]http://www.bullschmidt.com/devtip-loginpage.asp[/url]

Perhaps have a login page that asks the user for his username and
password. And whatever page that posts to (which could be the same page
for a self posting form) tests these fields against what is in the
database, sets the username and userlevel session variables accordingly,
and then redirects to the proper page - i.e. back to the login page if
the password is wrong (perhaps with a JavaScript popup saying wrong
username/password combination) or to the main menu page if the password
is correct:

Session("UserName") = objRS("UserName")
Session("UserLevel") = objRS("UserLevel")
Response.Redirect "mainmenu.asp"

Then you can use If Then's or Select Case on each page to control
whether a user is allowed to actually be there and whether particular
links of where a user can go actually show up.

If (Session("UserLevel") <> "Admin") And (Session("UserLevel") <>
"Regular") Then
Response.Redirect "login.asp"
End If

Best regards,
J. Paul Schmidt, Freelance ASP Web Designer
[url]http://www.Bullschmidt.com[/url]
ASP Designer Tips, ASP Web Database Demo, Free ASP Bar Chart Tool...


*** Sent via Devdex [url]http://www.devdex.com[/url] ***
Don't just participate in USENET...get rewarded for it!