Will Forms Authentication work for me, or do I have to "roll my own"
security model on this one.
What I have is an aspx page that will display information based on a
querystring value. Some of the information can be viewed by everyone, but
other information may be viewed by only specified users or groups. The
deciding factor is the querystring value. The request comes in, and the
logic that pulls the data from the underlying database has to know whether
to proceed showing the data or not - depending on who the user is and what
the querystring value is. It appears that Forms authentication works based
on the aspx page name, itself, and is unaware of the querystring value.
The P-code is something like this:
Page_Load()
1. page is requested - querystring value is retrieved.
2. look in database to determine which data is being requested AND if it
requires an authenticated user in order to view it - and if so, who can view
it ('who' can be a user or a group).
3. If authentication is not required - then just show the data on the
requested aspx; else see if the user is authenticated; if authenticated,
then see who it is and show data if user is permitted; else redirect user to
login page.
Note that this is all happening with the same ole aspx page - so it can be
viewed or not based on what data is being requested (per queryString
value) - not what the name of the aspx page, itself, is.
Thanks! 2 976
I successfully developed an app using role-based forms authentication by
using the techniques outlined in these articles: http://support.microsoft.com/default...b;en-us;311495 http://www.4guysfromrolla.com/webtech/121901-1.2.shtml
Here is another article you may find useful as well: http://www.eggheadcafe.com/articles/20020906.asp
--
I hope this helps,
Steve C. Orr, MCSD, MVP http://Steve.Orr.net
"Smithers" <a@b.com> wrote in message
news:%2****************@TK2MSFTNGP09.phx.gbl... Will Forms Authentication work for me, or do I have to "roll my own" security model on this one.
What I have is an aspx page that will display information based on a querystring value. Some of the information can be viewed by everyone, but other information may be viewed by only specified users or groups. The deciding factor is the querystring value. The request comes in, and the logic that pulls the data from the underlying database has to know whether to proceed showing the data or not - depending on who the user is and what the querystring value is. It appears that Forms authentication works based on the aspx page name, itself, and is unaware of the querystring value.
The P-code is something like this: Page_Load() 1. page is requested - querystring value is retrieved. 2. look in database to determine which data is being requested AND if it requires an authenticated user in order to view it - and if so, who can view it ('who' can be a user or a group). 3. If authentication is not required - then just show the data on the requested aspx; else see if the user is authenticated; if authenticated, then see who it is and show data if user is permitted; else redirect user to login page.
Note that this is all happening with the same ole aspx page - so it can be viewed or not based on what data is being requested (per queryString value) - not what the name of the aspx page, itself, is.
Thanks!
Sounds like you need role's based security. The link below is to an article
which gives a really comprehensive and readable practicle guide. http://www.ondotnet.com/pub/a/dotnet...formsauth.html
Hope this helps
"Smithers" <a@b.com> wrote in message
news:#b**************@TK2MSFTNGP09.phx.gbl... Will Forms Authentication work for me, or do I have to "roll my own" security model on this one.
What I have is an aspx page that will display information based on a querystring value. Some of the information can be viewed by everyone, but other information may be viewed by only specified users or groups. The deciding factor is the querystring value. The request comes in, and the logic that pulls the data from the underlying database has to know whether to proceed showing the data or not - depending on who the user is and what the querystring value is. It appears that Forms authentication works based on the aspx page name, itself, and is unaware of the querystring value.
The P-code is something like this: Page_Load() 1. page is requested - querystring value is retrieved. 2. look in database to determine which data is being requested AND if it requires an authenticated user in order to view it - and if so, who can
view it ('who' can be a user or a group). 3. If authentication is not required - then just show the data on the requested aspx; else see if the user is authenticated; if authenticated, then see who it is and show data if user is permitted; else redirect user
to login page.
Note that this is all happening with the same ole aspx page - so it can be viewed or not based on what data is being requested (per queryString value) - not what the name of the aspx page, itself, is.
Thanks!
This thread has been closed and replies have been disabled. Please start a new discussion. Similar topics |
by: sambalaz |
last post by:
What is the best way to achieve authentication between two seperate non
trusting domains.
Scenario:
- i have a winform client application that resides on domain A
- the application makes calls...
|
by: Jason |
last post by:
Hi
I was thinking about administering a web application written in ASP.NET
(C#). when the authentication mode is set to "Windows", do all users within
that particular domain have access? how do...
|
by: ElmoWatson |
last post by:
I tried on the Security newgroup, as well as other places, and haven't
gotten an answer yet - - I'm pulling my hair out over this one.
I'm trying to get Forms Authentication working.....I can get...
|
by: Tom B |
last post by:
In my web.config file I've specified Windows for the authentication, in IIS
I've set it to Integrated Authentication.
But my SQL connection is still showing Anonymous.
Is there somewhere else I...
|
by: Jeff |
last post by:
Can ASP.NET Forms Authentication be used to control access to a single ASPX
page based on querystring parameters? For example, consider a frameset used
to display a database-driven photo album....
| |
by: Joe |
last post by:
What I want to do is make only one page require a login. The application
itself works fine.
I'm getting the following error:
Parser Error Message: It is an error to use a section registered as...
|
by: troywalker |
last post by:
I am new to LDAP and Directory Services, and I have a project that
requires me to authenticate users against a Sun Java System Directory
Server in order to access the application. I have found...
|
by: =?Utf-8?B?S29uc3RhbnRpbg==?= |
last post by:
I am currently working on the application that need to simulate basic
authentication programmatically using user's credentials that are known.
Basically, the need is for a single sign on with a...
|
by: =?Utf-8?B?R3V1czEyMw==?= |
last post by:
Hi,
I created a web site on a remote server. To logon the user must enter a user
id and password. The site is uses Forms Authentication.
The web config file looks as follows:
...
|
by: marktang |
last post by:
ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However,...
|
by: Oralloy |
last post by:
Hello folks,
I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>".
The problem is that using the GNU compilers,...
| |
by: jinu1996 |
last post by:
In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven...
|
by: Hystou |
last post by:
Overview:
Windows 11 and 10 have less user interface control over operating system update behaviour than previous versions of Windows. In Windows 11 and 10, there is no way to turn off the Windows...
|
by: tracyyun |
last post by:
Dear forum friends,
With the development of smart home technology, a variety of wireless communication protocols have appeared on the market, such as Zigbee, Z-Wave, Wi-Fi, Bluetooth, etc. Each...
|
by: isladogs |
last post by:
The next Access Europe User Group meeting will be on Wednesday 1 May 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM).
In this session, we are pleased to welcome a new...
|
by: TSSRALBI |
last post by:
Hello
I'm a network technician in training and I need your help.
I am currently learning how to create and manage the different types of VPNs and I have a question about LAN-to-LAN VPNs.
The...
|
by: muto222 |
last post by:
How can i add a mobile payment intergratation into php mysql website.
| |
by: bsmnconsultancy |
last post by:
In today's digital era, a well-designed website is crucial for businesses looking to succeed. Whether you're a small business owner or a large corporation in Toronto, having a strong online presence...
| |