473,320 Members | 1,829 Online
Bytes | Software Development & Data Engineering Community
Post Job

Home Posts Topics Members FAQ

Join Bytes to post your question to a community of 473,320 software developers and data experts.

Page level security with attributes - bad idea?

I've spent a good part of the afternoon searching Google and the newsgroups
for some sort of answer - so I apologize if I'm asking something that has
already been asked and answered.

I'm using ASP.Net 1.1 (unfortunately 2.0 isn't an option right now) and I'm
working on the design of a security framework for other developers in our
organization to use.

We have a handful of different types of users that are contained in an enum
called UserTypes. I'm trying to find a way to specify at a page level what
types of users can view a given page - basically to prevent someone from
authenticating and they typing a url to a place they shouldn't be.

The thought I had today was that it would be really cool if I could define a
custom attribute that used our UserTypes enum to let developers easily tag
each page with the allowed user types. I thought that I could then write
"something" (HTTP Handler, Module, etc) to pull the user out of the Context,
interrogate the page being requested for it's attribute and then send the
user to their home page if the request is invalid.

The problem I'm having is figuring out how to write that "something" - a
Module doesn't seem like it's going to work because it sits in the stream
before the handler for Page is even created. I'm thinking a module might
work, but I'm not sure how to pull that off, and, I'm not sure that I want
to load the page twice.

So... if anyone can give me a nudge in the right direction, I would really
appreciate it. Or - if someone has a better idea on how to accomplish what
I'm trying to do, that would be cool too. Is this a bad idea?

Thanks in advance,

Nathan
Dec 30 '05 #1
2 2019
Nathan:

You can create a module that hooks the PreRequestExecuteHandler. The
runtime will have created the Page by this point.
http://odetocode.com/Blogs/scott/arc...2/09/2604.aspx

Have you looked at the built-in PrincipalPermissionAttribute?
--
Scott
http://www.OdeToCode.com/blogs/scott/

On Fri, 30 Dec 2005 16:15:07 -0600, "Nathan"
<nratcliff@<REMOVE>gmail.com> wrote:
I've spent a good part of the afternoon searching Google and the newsgroups
for some sort of answer - so I apologize if I'm asking something that has
already been asked and answered.

I'm using ASP.Net 1.1 (unfortunately 2.0 isn't an option right now) and I'm
working on the design of a security framework for other developers in our
organization to use.

We have a handful of different types of users that are contained in an enum
called UserTypes. I'm trying to find a way to specify at a page level what
types of users can view a given page - basically to prevent someone from
authenticating and they typing a url to a place they shouldn't be.

The thought I had today was that it would be really cool if I could define a
custom attribute that used our UserTypes enum to let developers easily tag
each page with the allowed user types. I thought that I could then write
"something" (HTTP Handler, Module, etc) to pull the user out of the Context,
interrogate the page being requested for it's attribute and then send the
user to their home page if the request is invalid.

The problem I'm having is figuring out how to write that "something" - a
Module doesn't seem like it's going to work because it sits in the stream
before the handler for Page is even created. I'm thinking a module might
work, but I'm not sure how to pull that off, and, I'm not sure that I want
to load the page twice.

So... if anyone can give me a nudge in the right direction, I would really
appreciate it. Or - if someone has a better idea on how to accomplish what
I'm trying to do, that would be cool too. Is this a bad idea?

Thanks in advance,

Nathan


Jan 1 '06 #2
Thanks Scott -

I did check out the PrincipalPermissionAttribute - that's pretty much what
spawned my idea. I can't use that attribute because in our scheme, the
roles are not the same as the user types. I'll check out your link and give
that a shot.

Thanks again,

Nathan


"Scott Allen" <sc***@nospam.odetocode.com> wrote in message
news:15********************************@4ax.com...
Nathan:

You can create a module that hooks the PreRequestExecuteHandler. The
runtime will have created the Page by this point.
http://odetocode.com/Blogs/scott/arc...2/09/2604.aspx

Have you looked at the built-in PrincipalPermissionAttribute?
--
Scott
http://www.OdeToCode.com/blogs/scott/

On Fri, 30 Dec 2005 16:15:07 -0600, "Nathan"
<nratcliff@<REMOVE>gmail.com> wrote:
I've spent a good part of the afternoon searching Google and the
newsgroups
for some sort of answer - so I apologize if I'm asking something that has
already been asked and answered.

I'm using ASP.Net 1.1 (unfortunately 2.0 isn't an option right now) and
I'm
working on the design of a security framework for other developers in our
organization to use.

We have a handful of different types of users that are contained in an
enum
called UserTypes. I'm trying to find a way to specify at a page level
what
types of users can view a given page - basically to prevent someone from
authenticating and they typing a url to a place they shouldn't be.

The thought I had today was that it would be really cool if I could define
a
custom attribute that used our UserTypes enum to let developers easily tag
each page with the allowed user types. I thought that I could then write
"something" (HTTP Handler, Module, etc) to pull the user out of the
Context,
interrogate the page being requested for it's attribute and then send the
user to their home page if the request is invalid.

The problem I'm having is figuring out how to write that "something" - a
Module doesn't seem like it's going to work because it sits in the stream
before the handler for Page is even created. I'm thinking a module might
work, but I'm not sure how to pull that off, and, I'm not sure that I want
to load the page twice.

So... if anyone can give me a nudge in the right direction, I would really
appreciate it. Or - if someone has a better idea on how to accomplish
what
I'm trying to do, that would be cool too. Is this a bad idea?

Thanks in advance,

Nathan

Jan 3 '06 #3

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

2
by: robert | last post by:
well, talk about timely. i'm tasked to implement a security feature, and would rather do so in the database than the application code. the application is generally Oracle, but sometimes DB2. ...
13
by: MFS 43 | last post by:
Using Access 2000 and 2002 Have set up user-level security with a new .mdw file (secured.mdw). I open my database with a short cut whose target includes a command line option for the workgroup...
3
by: Br | last post by:
I'm going to go into a fair bit of detail as I'm hoping my methods may be of assistance to anyone else wanting to implement something similar (or totally confusing:) One of systems I've...
1
by: localhost | last post by:
I have decorated several classes and methods in an ASP.NET appliation with declarative security attributes for roles. For example: I currently use a Try...Finally block in calling code to...
3
by: Dave Wurtz | last post by:
All, Does anyone have ideas how they have implemented field (property) level security? I want to handle this from the business object level, not the database level. Is it best to have a...
0
by: accessman2 | last post by:
I have a question. I want to open the MS Access file with user-level Security. I know that if I do NOT setup user-level Security in the MS Access file, and create the table for login in the MS...
2
by: evenlater | last post by:
I realize that user level security is not available for Access databases in the new AK27 format .accdb, and I know that I can still utilize ULS by making my database an .mdb file. But I'm...
6
by: plaguna | last post by:
Basically I have Three questions about Jet U-L Security: 1.Every time I create new Groups, new Users and Permissions using the User and Group Accounts dialog box, It creates User security for...
2
by: plaguna | last post by:
I have MS Access 2007 (My Database files are saved as .mdb extension). I have no problem to create Users and Groups, and grant them specific Permissions. What I don’t understand is why when I create...
0
by: DolphinDB | last post by:
The formulas of 101 quantitative trading alphas used by WorldQuant were presented in the paper 101 Formulaic Alphas. However, some formulas are complex, leading to challenges in calculation. Take...
0
by: DolphinDB | last post by:
Tired of spending countless mintues downsampling your data? Look no further! In this article, you’ll learn how to efficiently downsample 6.48 billion high-frequency records to 61 million...
0
by: ryjfgjl | last post by:
ExcelToDatabase: batch import excel into database automatically...
0
isladogs
by: isladogs | last post by:
The next Access Europe meeting will be on Wednesday 6 Mar 2024 starting at 18:00 UK time (6PM UTC) and finishing at about 19:15 (7.15PM). In this month's session, we are pleased to welcome back...
1
isladogs
by: isladogs | last post by:
The next Access Europe meeting will be on Wednesday 6 Mar 2024 starting at 18:00 UK time (6PM UTC) and finishing at about 19:15 (7.15PM). In this month's session, we are pleased to welcome back...
1
by: PapaRatzi | last post by:
Hello, I am teaching myself MS Access forms design and Visual Basic. I've created a table to capture a list of Top 30 singles and forms to capture new entries. The final step is a form (unbound)...
0
by: CloudSolutions | last post by:
Introduction: For many beginners and individual users, requiring a credit card and email registration may pose a barrier when starting to use cloud servers. However, some cloud server providers now...
0
by: Defcon1945 | last post by:
I'm trying to learn Python using Pycharm but import shutil doesn't work
0
by: Faith0G | last post by:
I am starting a new it consulting business and it's been a while since I setup a new website. Is wordpress still the best web based software for hosting a 5 page website? The webpages will be...

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.