I've spent a good part of the afternoon searching Google and the newsgroups
for some sort of answer - so I apologize if I'm asking something that has
already been asked and answered.
I'm using ASP.Net 1.1 (unfortunately 2.0 isn't an option right now) and I'm
working on the design of a security framework for other developers in our
organization to use.
We have a handful of different types of users that are contained in an enum
called UserTypes. I'm trying to find a way to specify at a page level what
types of users can view a given page - basically to prevent someone from
authenticating and they typing a url to a place they shouldn't be.
The thought I had today was that it would be really cool if I could define a
custom attribute that used our UserTypes enum to let developers easily tag
each page with the allowed user types. I thought that I could then write
"something" (HTTP Handler, Module, etc) to pull the user out of the Context,
interrogate the page being requested for it's attribute and then send the
user to their home page if the request is invalid.
The problem I'm having is figuring out how to write that "something" - a
Module doesn't seem like it's going to work because it sits in the stream
before the handler for Page is even created. I'm thinking a module might
work, but I'm not sure how to pull that off, and, I'm not sure that I want
to load the page twice.
So... if anyone can give me a nudge in the right direction, I would really
appreciate it. Or - if someone has a better idea on how to accomplish what
I'm trying to do, that would be cool too. Is this a bad idea?
Thanks in advance,
Nathan 2 2019
Nathan:
You can create a module that hooks the PreRequestExecuteHandler. The
runtime will have created the Page by this point. http://odetocode.com/Blogs/scott/arc...2/09/2604.aspx
Have you looked at the built-in PrincipalPermissionAttribute?
--
Scott http://www.OdeToCode.com/blogs/scott/
On Fri, 30 Dec 2005 16:15:07 -0600, "Nathan"
<nratcliff@<REMOVE>gmail.com> wrote: I've spent a good part of the afternoon searching Google and the newsgroups for some sort of answer - so I apologize if I'm asking something that has already been asked and answered.
I'm using ASP.Net 1.1 (unfortunately 2.0 isn't an option right now) and I'm working on the design of a security framework for other developers in our organization to use.
We have a handful of different types of users that are contained in an enum called UserTypes. I'm trying to find a way to specify at a page level what types of users can view a given page - basically to prevent someone from authenticating and they typing a url to a place they shouldn't be.
The thought I had today was that it would be really cool if I could define a custom attribute that used our UserTypes enum to let developers easily tag each page with the allowed user types. I thought that I could then write "something" (HTTP Handler, Module, etc) to pull the user out of the Context, interrogate the page being requested for it's attribute and then send the user to their home page if the request is invalid.
The problem I'm having is figuring out how to write that "something" - a Module doesn't seem like it's going to work because it sits in the stream before the handler for Page is even created. I'm thinking a module might work, but I'm not sure how to pull that off, and, I'm not sure that I want to load the page twice.
So... if anyone can give me a nudge in the right direction, I would really appreciate it. Or - if someone has a better idea on how to accomplish what I'm trying to do, that would be cool too. Is this a bad idea?
Thanks in advance,
Nathan
Thanks Scott -
I did check out the PrincipalPermissionAttribute - that's pretty much what
spawned my idea. I can't use that attribute because in our scheme, the
roles are not the same as the user types. I'll check out your link and give
that a shot.
Thanks again,
Nathan
"Scott Allen" <sc***@nospam.odetocode.com> wrote in message
news:15********************************@4ax.com... Nathan:
You can create a module that hooks the PreRequestExecuteHandler. The runtime will have created the Page by this point. http://odetocode.com/Blogs/scott/arc...2/09/2604.aspx
Have you looked at the built-in PrincipalPermissionAttribute? -- Scott http://www.OdeToCode.com/blogs/scott/
On Fri, 30 Dec 2005 16:15:07 -0600, "Nathan" <nratcliff@<REMOVE>gmail.com> wrote:
I've spent a good part of the afternoon searching Google and the newsgroups for some sort of answer - so I apologize if I'm asking something that has already been asked and answered.
I'm using ASP.Net 1.1 (unfortunately 2.0 isn't an option right now) and I'm working on the design of a security framework for other developers in our organization to use.
We have a handful of different types of users that are contained in an enum called UserTypes. I'm trying to find a way to specify at a page level what types of users can view a given page - basically to prevent someone from authenticating and they typing a url to a place they shouldn't be.
The thought I had today was that it would be really cool if I could define a custom attribute that used our UserTypes enum to let developers easily tag each page with the allowed user types. I thought that I could then write "something" (HTTP Handler, Module, etc) to pull the user out of the Context, interrogate the page being requested for it's attribute and then send the user to their home page if the request is invalid.
The problem I'm having is figuring out how to write that "something" - a Module doesn't seem like it's going to work because it sits in the stream before the handler for Page is even created. I'm thinking a module might work, but I'm not sure how to pull that off, and, I'm not sure that I want to load the page twice.
So... if anyone can give me a nudge in the right direction, I would really appreciate it. Or - if someone has a better idea on how to accomplish what I'm trying to do, that would be cool too. Is this a bad idea?
Thanks in advance,
Nathan This thread has been closed and replies have been disabled. Please start a new discussion. Similar topics
by: robert |
last post by:
well, talk about timely. i'm tasked to implement a security feature,
and would rather do so in the database than the application code. the
application is generally Oracle, but sometimes DB2. ...
|
by: MFS 43 |
last post by:
Using Access 2000 and 2002
Have set up user-level security with a new .mdw file (secured.mdw).
I open my database with a short cut whose target includes a command line option
for the workgroup...
|
by: Br |
last post by:
I'm going to go into a fair bit of detail as I'm hoping my methods may
be of assistance to anyone else wanting to implement something similar
(or totally confusing:)
One of systems I've...
|
by: localhost |
last post by:
I have decorated several classes and methods in an
ASP.NET appliation with declarative security attributes
for roles. For example:
I currently use a Try...Finally block in calling code to...
|
by: Dave Wurtz |
last post by:
All,
Does anyone have ideas how they have implemented field (property) level
security? I want to handle this from the business object level, not the
database level. Is it best to have a...
|
by: accessman2 |
last post by:
I have a question.
I want to open the MS Access file with user-level Security.
I know that if I do NOT setup user-level Security in the MS Access file, and create the table for login in the MS...
|
by: evenlater |
last post by:
I realize that user level security is not available for Access
databases in the new AK27 format .accdb, and I know that I can still
utilize ULS by making my database an .mdb file.
But I'm...
|
by: plaguna |
last post by:
Basically I have Three questions about Jet U-L Security:
1.Every time I create new Groups, new Users and Permissions using the User and Group Accounts dialog box, It creates User security for...
|
by: plaguna |
last post by:
I have MS Access 2007 (My Database files are saved as .mdb extension). I have no problem to create Users and Groups, and grant them specific Permissions. What I don’t understand is why when I create...
|
by: DolphinDB |
last post by:
The formulas of 101 quantitative trading alphas used by WorldQuant were presented in the paper 101 Formulaic Alphas. However, some formulas are complex, leading to challenges in calculation.
Take...
|
by: DolphinDB |
last post by:
Tired of spending countless mintues downsampling your data? Look no further!
In this article, you’ll learn how to efficiently downsample 6.48 billion high-frequency records to 61 million...
|
by: ryjfgjl |
last post by:
ExcelToDatabase: batch import excel into database automatically...
|
by: isladogs |
last post by:
The next Access Europe meeting will be on Wednesday 6 Mar 2024 starting at 18:00 UK time (6PM UTC) and finishing at about 19:15 (7.15PM).
In this month's session, we are pleased to welcome back...
|
by: isladogs |
last post by:
The next Access Europe meeting will be on Wednesday 6 Mar 2024 starting at 18:00 UK time (6PM UTC) and finishing at about 19:15 (7.15PM).
In this month's session, we are pleased to welcome back...
|
by: PapaRatzi |
last post by:
Hello,
I am teaching myself MS Access forms design and Visual Basic. I've created a table to capture a list of Top 30 singles and forms to capture new entries. The final step is a form (unbound)...
|
by: CloudSolutions |
last post by:
Introduction:
For many beginners and individual users, requiring a credit card and email registration may pose a barrier when starting to use cloud servers. However, some cloud server providers now...
|
by: Defcon1945 |
last post by:
I'm trying to learn Python using Pycharm but import shutil doesn't work
|
by: Faith0G |
last post by:
I am starting a new it consulting business and it's been a while since I setup a new website. Is wordpress still the best web based software for hosting a 5 page website? The webpages will be...
| |