473,387 Members | 1,510 Online
Bytes | Software Development & Data Engineering Community
Post Job

Home Posts Topics Members FAQ

home > topics > asp.net > questions > developing authentication and roles thinking about api

Join Bytes to post your question to a community of 473,387 software developers and data experts.

Developing Authentication and Roles thinking about API

Hi all,

I'm developing an ASP.NET website and thinking about releasing the API
through webservices in a couple of months (like flickr.com let's say).

Most of the website functionality is restricted to authenticated users.
Users are classified in different roles, and different roles can take
different actions.

E.g. Guest can call a function to delete one of his articles, but
cannot call a function that can delete any article (which can be called
by an Administrator).

I would like to ask how would you handle user authentication and roles,
considering that I have to release the API?

The following is an example of the parameters I need to pass to a
"DeleteArticle" function called from a asp.net page that is accessible
only to authenticated users.

public bool DeleteArticle(articleID, UserID)
{
// delete article
}

The same function called from the API, could look like this if
authentication and roles are not planned with the webservices in mind.

public bool DeleteArticle(articleID, userID, userPassword)
{
// check username and password and authenticate
// check if user can delete article
// delete article
}

Thanks in advance,
Giammarco

Nov 19 '05 #1
2 1119

Read up on "code access security". Rather than accepting authentication and
authorization information via your API, demand appropriate permissions inside
your implementation and let the Framework implement the security for you.

"Giammarco" wrote:
Hi all,

I'm developing an ASP.NET website and thinking about releasing the API
through webservices in a couple of months (like flickr.com let's say).

Most of the website functionality is restricted to authenticated users.
Users are classified in different roles, and different roles can take
different actions.

E.g. Guest can call a function to delete one of his articles, but
cannot call a function that can delete any article (which can be called
by an Administrator).

I would like to ask how would you handle user authentication and roles,
considering that I have to release the API?

The following is an example of the parameters I need to pass to a
"DeleteArticle" function called from a asp.net page that is accessible
only to authenticated users.

public bool DeleteArticle(articleID, UserID)
{
// delete article
}

The same function called from the API, could look like this if
authentication and roles are not planned with the webservices in mind.

public bool DeleteArticle(articleID, userID, userPassword)
{
// check username and password and authenticate
// check if user can delete article
// delete article
}

Thanks in advance,
Giammarco

Nov 19 '05 #2
Thanks Lee,

Giammarco

Nov 19 '05 #3
New Post

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

3
Combine Forms Authentication with Windows
by: Nick | last post by:
I am working a new application...well actually a series of applications for my company. They want internal users to be able to go to a site and everything regarding security is transparent,...
.NET Framework
4
ASP.NET Authentication exception case
by: Jay | last post by:
I have authentication set for my site but I need one page to be an exception case. Namely my forgot password page. How do I tell the webconfig file to authenciate all pages except one page? ...
C# / C Sharp
3
Forms authentication in a subfolder problem, please help
by: Kris van der Mast | last post by:
Hi, I've created a little site for my sports club. In the root folder there are pages that are viewable by every anonymous user but at a certain subfolder my administration pages should be...
ASP.NET
3
NT based roles using forms authentication
by: Sharat Koya | last post by:
Please can you help with a problem I am having. My web config is set to... <authorization><deny users="?"/> <authentication mode="Forms"> <forms name=".COOKIE" loginUrl="login.aspx"...
ASP.NET
4
ASP.NET login authentication
by: nicholas | last post by:
Hi, Got an asp.net application and I use the "forms" authentication mode defined in the web.config file. Everything works fine. But now I would like to add a second, different login page for...
ASP.NET
5
Redirecting via windowd authentication
by: darrel | last post by:
I'm trying to set up a usercontrol that I can put on specific pages to authenticate people via their network login on our intranet. I have this in the config file: <authentication mode="Windows"...
ASP.NET
2
web.config : <authentication>
by: cmrchs | last post by:
Hi, I'm having problems with the interpretation of roles in the <authentication> entries in web.config Scenario : I'm logging on as 'Administrator' and try to access a site for which the...
ASP.NET
6
Using Windows Authentication in ASP.NET - Adding properties to users
by: Matt Adamson | last post by:
Guys, I'm unsure how to use windows authentication in an intranet application. I'd like to user existing windows account to identify users however the issue I have is how to then add settings to...
ASP.NET
4
Forms authentication vs session variable
by: Bjorn Sagbakken | last post by:
In a web-application with login creds (user, pwd), these are checked against a user table on a SQL server. On a positive validation I have saved the userID, name, custno and role-settings in a...
ASP.NET
0
Easy Steps to Fix "Canon Printer Won't Connect to WiFi Network"
by: taylorcarr | last post by:
A Canon printer is a smart device known for being advanced, efficient, and reliable. It is designed for home, office, and hybrid workspace use and can also be used for a variety of purposes. However,...
General
0
Basic Javascript concepts
by: aa123db | last post by:
Variable and constants Use var or let for variables and const fror constants. Var foo ='bar'; Let foo ='bar';const baz ='bar'; Functions function $name$ ($parameters$) { } ...
Javascript
0
Merging data from multiple Excel files
by: ryjfgjl | last post by:
In our work, we often receive Excel tables with data in the same format. If we want to analyze these data, it can be difficult to analyze them because the data is spread across multiple Excel files...
Data Management
0
Migrating Website to Cloud - Emmanuel Katto
by: emmanuelkatto | last post by:
Hi All, I am Emmanuel katto from Uganda. I want to ask what challenges you've faced while migrating a website to cloud. Please let me know. Thanks! Emmanuel
General
0
BarryA
Navigating the Data Structures and Algorithms (DSA)
by: BarryA | last post by:
What are the essential steps and strategies outlined in the Data Structures and Algorithms (DSA) roadmap for aspiring data scientists? How can individuals effectively utilize this roadmap to progress...
Algorithms / Advanced Math
1
Looking to do Android software development, any suggestions? Is flutter better?
by: nemocccc | last post by:
hello, everyone, I want to develop a software for my android phone for daily needs, any suggestions?
General
1
Is that possible of reading the .csv file in column wise and the column have different lengths ?
by: Sonnysonu | last post by:
This is the data of csv file 1 2 3 1 2 3 1 2 3 1 2 3 2 3 2 3 3 the lengths should be different i have to store the data by column-wise with in the specific length. suppose the i have to...
C / C++
0
marktang
What is ONU?
by: marktang | last post by:
ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However,...
General
0
Oralloy
Problem With Comparison Operator <=> in G++
by: Oralloy | last post by:
Hello folks, I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>". The problem is that using the GNU compilers,...
C / C++

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.

BYTES.COM © 2024
About Bytes
Terms Of Use
Privacy Policy
Sitemap
Advertise on Bytes:
Post a Job
Sponsored Posts
Platinum & Gold Sponsors
Hire Now!