Hi
I haven a question concerning roles and membership in asp.net 2.0. I work
for an online university, and we would like to implement role based security
for our portal. Currently our university has 11 courses, which fall in 5
semesters, and each course is then subdivived into approx 5 or more
groups, and in each group we have teachers, students, teacherAssistan ts. A
quick calculation can approximate that we have to create about 825 roles.
(11 courses * 5 Semesters * 5 groups * 3 userTypes = 825 roles)
Of course, this is only an estimate, and we are probably going to need more
userTypes(stude nts, teachers, teacherAssistan ts, headTeacherAssi stant), and
create more courses(math, french,computer Science). The number of semester
might also increase if we decided to make the length of a semester shorter.
To solved this, I proposed the following idea, and would like your opinion
on this approach to see if it's viable in terms of maintenance, and fine
control over security. Each roles would have the following naming
convention.
roleName -> "<course><semes ter><groupName> <userType>"
Here is an example of 12 roles that would be created to satisfy 2 courses
all in Fall with 2 groups in each course.
ChemistryFallGr oup1Student
ChemistryFallGr oup1Teacher
ChemistryFallGr oup1TeacherAssi stant
ChemistryFallGr oup2Student
ChemistryFallGr oup2Teacher
ChemistryFallGr oup2TeacherAssi stant
ReligionFallGro up1Student
ReligionFallGro up1Teacher
ReligionFallGro up1TeacherAssis tant
ReligionFallGro up2Student
ReligionFallGro up2Teacher
ReligionFallGro up2TeacherAssis tant
My quesiton is the following, Is this a bad way to organize roles for this
type of portal. Also, is there an alternative way to do this do this kind of
roles based security. By alternative, I mean creating a custom RoleProvider,
and adding a groupID column. That way in the aspnet_UsersInR oles table we
would have the following columns.
(UserId | RoleId | GroupID). Is this second approach going to lead to a lot
of problems down the road, and will it require a lot of work? Will this mean
we would have to rewrite a lot of controls that work with the
SqlRoleProvider , and SqlMembershipPr ovider. I would appreciate any feedback,
or advice. Also, if you can suggest which approach is better and why, or
suggest alternatives ways. Thank you for the time you have given this post,
and I hope to hear from you soon.
Francis
2  1088 
On Fri, 17 Mar 2006 14:06:25 -0500, Francis Reed wrote: groups, and in each group we have teachers, students, teacherAssistan ts. A
quick calculation can approximate that we have to create about 825 roles.
(11 courses * 5 Semesters * 5 groups * 3 userTypes = 825 roles)
This seems not just silly, but completely unmanageable.
Why not simply create a role for each course, semester, group and type,
then apply the roles that apply to each user? That seems like a much
simpler approach.
Hi
Thank you for answering. I understand the idea, but what if the following
situation occurs. I have a user called bob, and I would like bob to have the
following access level.
student access for only group1 of the fall semester of the chemistry course.
(chemistry fall student group1)
teacher access for only group2 of the winter semester of the religion course.
(religion winter teacher group2)
If I create the following roles, "chemistry" , "religion", "fall", "winter",
"student", "teacher", "group1", "group2", and add bob to those roles. That
would make bob both a teacher and a student, for both religion and chemistry
in both the winter and fall semesters, and he would be in group 1 and 2 for
both courses. Which is not the acess I want to give bob. One thing I want to
clearify, is that groups are subdivisions of a specific course.
So unless I'm not understanding the idea properly, I don't think it will
work. I really appreciate your advice, and would like to hear more from you.
Please feel free, and let me know if I have misunderstood the idea you are
suggesting.
Have a nice day
Francis
"Erik Funkenbusch" wrote: On Fri, 17 Mar 2006 14:06:25 -0500, Francis Reed wrote:
groups, and in each group we have teachers, students, teacherAssistan ts. A
quick calculation can approximate that we have to create about 825 roles.
(11 courses * 5 Semesters * 5 groups * 3 userTypes = 825 roles)
This seems not just silly, but completely unmanageable.
Why not simply create a role for each course, semester, group and type,
then apply the roles that apply to each user? That seems like a much
simpler approach.
This thread has been closed and replies have been disabled. Please start a new discussion. Similar topics | |
by: Ross Presser |
last post by:
As our customers demand that we tighten our IT security in the company,
I've been asked to prepare a report quarterly showing, for each user in
Active directory, what his effective permissions are for every table in
every database that he has permission for on our SQL Server 2000 server. I
searched a bit for a tool to do this, but all I found was the PERMISSIONS()
function for showing effective permissions of the current user. Is there...
|
by: mark |
last post by:
I have an asp.net ecommerce web application on a remote web server.
I'm using an Access database on the back end. I've notice a few
strange things. When I mimic an multiple user environment by surfin
it in multiple browsers simultaneously the site generates a generic
runtime error after awhile. I'm thinking this has something to do
with my access database and multiple connections. I'm using forms
authentication with a login page. Is...
|
by: Travis Parrent |
last post by:
I'm having a problem where my application forces the user to log on
intially, but then never forces them to reauthenticate. Following is the
login code currently but I've tried several different things. I can walk
away from the app for an hour and come back and it will still not force them
to log back in. Where can i look?
Here's current login code :
Private Sub btnLogon_Click(ByVal sender As System.Object, ByVal e As...
|
by: Francis Reed |
last post by:
Hi
I'm currently developping a University portal that uses single sign on
between multiple applications, and I would like to store my users in one
application and share them with other applications while keeping the roles
unique per application. For our portal, all our users would go in an
application called "UniversityPortal", and roles would be created in each
course application. Here's an example illustrating our proposed structure.
...
|
by: profdotnet |
last post by:
Below is the code of web.config file:
<configuration>
<system.web>
<authentication mode="Forms" />
<authorization>
<allow users="Admin"/>
<deny users="Jack,Mary" />
<deny users="?">
</authorization>
| | |
by: Markus Palme |
last post by:
Hi NG!
Is it possible to deny access to a (logged in) user that is not in any
role? Placeholders like <deny roles="?"/don't seem to be possible.
Regards
Markus
<location path="Protected.aspx">
<system.web>
|
by: Douglas J. Badin |
last post by:
Hi,
The problem with Authorization is it stops at the first match and doesn't
permit Grouping.
On the Web Site, I am trying to Secure Page Access and SiteNaviagation by
implementing the following ASP.NET 2.0 features:
- Membership
- Site Maps
|
by: Matt Adamson |
last post by:
Guys,
I'm unsure how to use windows authentication in an intranet application. I'd
like to user existing windows account to identify users however the issue I
have is how to then add settings to those users and map them to roles.
If I'd like to restrict the windows users which log on and what tasks they
can perform in the application how should I do this? Presumably I'd need one
user to log in initially and perform admin type tasks...
|
by: Steven Nagy |
last post by:
Hi all,
I'm getting across the membership API stuff.
However it seems that we would have benefitted from some extra
controls for "Manage Users" and "Manage Roles".
Is there some additional controls for this somewhere? Perhaps some 3rd
party free ones?
Seems like the login toolbox is a little "incomplete" to me.
|
by: Jonathan Wood |
last post by:
Greetings,
I'm using ASP.NET membership and I'd like to query the number of users in a
particular role.
I don't want the overhead of returning a dataset and then getting the number
of items in it. I'd like to create a stored procedure for maximum efficiency
that returns the number of users in a particular role.
It appears that role IDs are encrypted in the membership tables so I'm not
|
by: marktang |
last post by:
ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However, people are often confused as to whether an ONU can Work As a Router. In this blog post, we’ll explore What is ONU, What Is Router, ONU & Router’s main usage, and What is the difference between ONU and Router. Let’s take a closer look !
Part I. Meaning of...
| | |
by: Oralloy |
last post by:
Hello folks,
I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>".
The problem is that using the GNU compilers, it seems that the internal comparison operator "<=>" tries to promote arguments from unsigned to signed.
This is as boiled down as I can make it.
Here is my compilation command:
g++-12 -std=c++20 -Wnarrowing bit_field.cpp
Here is the code in...
|
by: jinu1996 |
last post by:
In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven tapestry of website design and digital marketing. It's not merely about having a website; it's about crafting an immersive digital experience that captivates audiences and drives business growth.
The Art of Business Website Design
Your website is...
|
by: Hystou |
last post by:
Overview:
Windows 11 and 10 have less user interface control over operating system update behaviour than previous versions of Windows. In Windows 11 and 10, there is no way to turn off the Windows Update option using the Control Panel or Settings app; it automatically checks for updates and installs any it finds, whether you like it or not. For most users, this new feature is actually very convenient. If you want to control the update process,...
|
by: agi2029 |
last post by:
Let's talk about the concept of autonomous AI software engineers and no-code agents. These AIs are designed to manage the entire lifecycle of a software development project—planning, coding, testing, and deployment—without human intervention. Imagine an AI that can take a project description, break it down, write the code, debug it, and then launch it, all on its own....
Now, this would greatly impact the work of software developers. The idea...
|
by: isladogs |
last post by:
The next Access Europe User Group meeting will be on Wednesday 1 May 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM).
In this session, we are pleased to welcome a new presenter, Adolph Dupré who will be discussing some powerful techniques for using class modules.
He will explain when you may want to use classes instead of User Defined Types (UDT). For example, to manage the data in unbound forms.
Adolph will...
|
by: conductexam |
last post by:
I have .net C# application in which I am extracting data from word file and save it in database particularly. To store word all data as it is I am converting the whole word file firstly in HTML and then checking html paragraph one by one.
At the time of converting from word file to html my equations which are in the word document file was convert into image.
Globals.ThisAddIn.Application.ActiveDocument.Select();...
| | |
by: TSSRALBI |
last post by:
Hello
I'm a network technician in training and I need your help.
I am currently learning how to create and manage the different types of VPNs and I have a question about LAN-to-LAN VPNs.
The last exercise I practiced was to create a LAN-to-LAN VPN between two Pfsense firewalls, by using IPSEC protocols.
I succeeded, with both firewalls in the same network. But I'm wondering if it's possible to do the same thing, with 2 Pfsense firewalls...
|
by: bsmnconsultancy |
last post by:
In today's digital era, a well-designed website is crucial for businesses looking to succeed. Whether you're a small business owner or a large corporation in Toronto, having a strong online presence can significantly impact your brand's success. BSMN Consultancy, a leader in Website Development in Toronto offers valuable insights into creating effective websites that not only look great but also perform exceptionally well. In this comprehensive...
| |
