Bytes | Software Development & Data Engineering Community

"Pattern" or "best practice" in security checks

Hi

I'm developing an ASP.NET CRUD application where I need to do some
authorization checks on certain actions. E.g. some accounts have access to
delete in a certain datagrid and some have not. So I have to be more detailed
than on page level. Rather, at component level.

This ends up, as I see now, in a lot of checks in the different involved
events. Further I have to adjust the view so that one actually can't delete in a
certain datagrid. This is of course not secure enough, so therefore the checks
in the events.

This just sounds like a plain nightmare to maintain and develop. Do you
have a clever suggestion to this issue? I guess it's not the first time this
has come up.

To summarize. I want to avoid this.

private void datagrid_DeleteCommand(object source, DataGridCommandEventArgs e)
{
    // The same role check, repeated in every event handler that needs it
    if (User.IsInRole("Admin") || User.IsInRole("Developer"))
    {
        long currentid = Int64.Parse(((Label)e.Item.FindControl("lblid")).Text);
        _Service.DeleteItem(currentid);
        Databind_datagrid();
    }
}

Thanks in regards
Anders, Denmark


Nov 19 '05 #1
I would create a simple permission manager with an XML or database store.
You could simply call something like this:

PermissionManager.HasPermission("Delete", theRowsID);

and it would return a bool stating whether the current user has the
permission to delete that current object. I would then take advantage of the
ItemCreated event of the DataGrid and hide the Delete LinkButton for any
rows that the current user shouldn't be able to delete. You'll still need
code in the DeleteCommand like you posted, only you could use a
PermissionManager setup for easier management.

Here's an example PermissionManager, although it is developed for the .NET
2.0 framework:
http://www.gotdotnet.com/Community/W...0-4655e1a7682b

Hope this helps,
Johann MacDonagh

"Anders K. Jacobsen [DK]" <no**@at.all> wrote in message
news:u1**************@TK2MSFTNGP11.phx.gbl...

Nov 19 '05 #2
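Added example, written for this thread and not taken from either post or from the gotdotnet sample Johann links: a small PermissionManager in the shape he describes, wired into the two DataGrid handlers. The class name, the in-memory rule table (standing in for his XML or database store), the "Id" property of the bound row, the column index of the Delete button and the Trace call are all assumptions; _Service, Databind_datagrid and the "lblid" label are taken as given from Anders' post. The hiding is done in ItemDataBound rather than ItemCreated because the bound data item, and so the row id, is available there. The important design point is the split: hiding the LinkButton only shapes what the user sees, while the check in DeleteCommand is the enforcement, so a request that arrives without going through the rendered page is still denied.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Principal;
using System.Web;
using System.Web.UI;
using System.Web.UI.WebControls;

public static class PermissionManager
{
    // Constructed rule store: action -> (role -> allowed row ids, null = all rows).
    // Stand-in for the XML or database store described in the answer.
    private static readonly Dictionary<string, Dictionary<string, long[]>> Rules =
        new Dictionary<string, Dictionary<string, long[]>>(StringComparer.OrdinalIgnoreCase)
        {
            { "Delete", new Dictionary<string, long[]>(StringComparer.OrdinalIgnoreCase)
                {
                    { "Admin", null },                      // Admin may delete any row
                    { "Developer", new long[] { 17, 42 } }  // Developer: only these rows
                } }
        };

    // Convenience overload using the current request's principal.
    public static bool HasPermission(string action, long rowId)
    {
        HttpContext ctx = HttpContext.Current;
        return HasPermission(ctx == null ? null : ctx.User, action, rowId);
    }

    // True only when some rule explicitly grants the action on that row to one
    // of the user's roles; anything unknown or unauthenticated is denied.
    public static bool HasPermission(IPrincipal user, string action, long rowId)
    {
        if (user == null || user.Identity == null || !user.Identity.IsAuthenticated)
            return false;

        Dictionary<string, long[]> byRole;
        if (string.IsNullOrEmpty(action) || !Rules.TryGetValue(action, out byRole))
            return false;

        foreach (KeyValuePair<string, long[]> rule in byRole)
        {
            if (!user.IsInRole(rule.Key))
                continue;
            if (rule.Value == null || Array.IndexOf(rule.Value, rowId) >= 0)
                return true;
        }
        return false;
    }
}

public partial class ItemsPage : Page
{
    // Assumed layout: column 0 is the ButtonColumn holding the Delete LinkButton.
    private const int DeleteColumnIndex = 0;

    // Presentation only: hide the Delete LinkButton on rows the user may not delete.
    // This keeps the UI honest but is not where the decision is enforced.
    protected void datagrid_ItemDataBound(object sender, DataGridItemEventArgs e)
    {
        if (e.Item.ItemType != ListItemType.Item &&
            e.Item.ItemType != ListItemType.AlternatingItem)
            return;

        long rowId = Convert.ToInt64(DataBinder.Eval(e.Item.DataItem, "Id"));
        TableCell deleteCell = e.Item.Cells[DeleteColumnIndex];
        if (deleteCell.Controls.Count > 0)
            deleteCell.Controls[0].Visible = PermissionManager.HasPermission(User, "Delete", rowId);
    }

    // Enforcement: every delete passes through this check, whatever the page showed.
    protected void datagrid_DeleteCommand(object source, DataGridCommandEventArgs e)
    {
        long currentId = Int64.Parse(((Label)e.Item.FindControl("lblid")).Text);

        if (!PermissionManager.HasPermission(User, "Delete", currentId))
        {
            // Fail closed and leave a trace for the operator; nothing is deleted.
            Trace.Warn("Authorization", "Delete of item " + currentId +
                       " denied for " + User.Identity.Name);
            return;
        }

        _Service.DeleteItem(currentId);   // service and rebind as in the original post
        Databind_datagrid();
    }
}
```

With this shape the per-event code shrinks to one HasPermission call per handler, and adding a new action (say "Edit") or a new role is a change to the rule store rather than to every event. Keeping the default at deny means a row or action that nobody has written a rule for is simply unavailable, which is the safer failure mode for an authorization table that will be edited by hand.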


