Global.asax beginner question

Is this "webapp" object a per user object? If so, initiating it from
the session_start seems to be the right place.

Alex

Yes.
I figured having a per user/session object which, when the user logs
in, will contain their permissions, ID (for db manipulation) and a few
other needed bits of information.
Each page will contain an object specifying the access level needed to
view that page, with a redirect for failed access.

Does this sound like an ok way of doing things?

I asked about the global.asax as I wanted to make sure storing login
information in an object from there was secure ie no-one could
manipulate it to login without credentials.

One way to do it with forms authentication is set up a user and password
table with role information. You can then use the role settings to allow for
specific page access.
--
Paul G
Software engineer.
"^MisterJingo^" wrote:

Yes.
I figured having a per user/session object which, when the user logs
in, will contain their permissions, ID (for db manipulation) and a few
other needed bits of information.
Each page will contain an object specifying the access level needed to
view that page, with a redirect for failed access.

Does this sound like an ok way of doing things?

I asked about the global.asax as I wanted to make sure storing login
information in an object from there was secure ie no-one could
manipulate it to login without credentials.

None of this is needed or even possibly desireable with ASP.NET 2.0
Membership, Roles and Profiles.

--
<%= Clinton Gallagher
NET csgallagher AT metromilwaukee.com
URL http://clintongallagher.metromilwaukee.com/
"Paul" <Pa**@discussions.microsoft.com> wrote in message
news:07**********************************@microsof t.com...

One way to do it with forms authentication is set up a user and password
table with role information. You can then use the role settings to allow
for
specific page access.
--
Paul G
Software engineer.
"^MisterJingo^" wrote:

Yes.
I figured having a per user/session object which, when the user logs
in, will contain their permissions, ID (for db manipulation) and a few
other needed bits of information.
Each page will contain an object specifying the access level needed to
view that page, with a redirect for failed access.

Does this sound like an ok way of doing things?

I asked about the global.asax as I wanted to make sure storing login
information in an object from there was secure ie no-one could
manipulate it to login without credentials.

clintonG wrote:

None of this is needed or even possibly desireable with ASP.NET 2.0
Membership, Roles and Profiles.

I can't use membership, roles and profiles as I am using MySQL. I am
not willing to pay out hundreds of pounds a month to host on MS-SQL for
a personal project when I could write what is needed and use MySQL for
free.
I have tried some ODBC membership/role providers but they don't work
or are very buggy.
So out of curiosity, why isn't it desireable?

Have not worked with asp.net 2.0 but heard it automates all of this for you
or makes it very easy to set up. I used roles, password and user tables with
MySQL and asp.net 1.1. Seems to work fine as we only have a few hundred
users.

table 1.

*************************************
* user id * user name * password * role id*
*************************************
table2
*******************************
* role id * role level *
*******************************

--
Paul G
Software engineer.
"^MisterJingo^" wrote:

clintonG wrote:

None of this is needed or even possibly desireable with ASP.NET 2.0
Membership, Roles and Profiles.

I can't use membership, roles and profiles as I am using MySQL. I am
not willing to pay out hundreds of pounds a month to host on MS-SQL for
a personal project when I could write what is needed and use MySQL for
free.
I have tried some ODBC membership/role providers but they don't work
or are very buggy.
So out of curiosity, why isn't it desireable?

Paul wrote:

Have not worked with asp.net 2.0 but heard it automates all of this for you
or makes it very easy to set up. I used roles, password and user tables with
MySQL and asp.net 1.1. Seems to work fine as we only have a few hundred
users.

table 1.

*************************************
* user id * user name * password * role id*
*************************************
table2
*******************************
* role id * role level *
*******************************

Hi Paul,

This is what I've done. On login auth, a session object stores the role
and it is checked against a page object, redirecting if the user has
not got the needed role.
The objects which create this functionality in .net2.0 are catered to
MS-SQL. Its supposedly possible to inherit from the base of these
objects to write your own version for your own DB. But it seems like a
LOT of work, and the ones i've downloaded from the net (created by
other users for MySQL) don't seem to work correctly.
Also, compared to the objects I can create to enable this
functionality and secure the site, the pre-rolled .net 2.0 ones seem
pretty large.

A few posts up clintonG says writing your own isn't desirable and i'm
curious why - I don't want to inadvertantly leave security holes in the
site.

ok thanks for the additional information. I am wondering why as well,
hopefully clintonG will respond--
Paul G
Software engineer.
"^MisterJingo^" wrote:

Paul wrote:

Have not worked with asp.net 2.0 but heard it automates all of this for you
or makes it very easy to set up. I used roles, password and user tables with
MySQL and asp.net 1.1. Seems to work fine as we only have a few hundred
users.

table 1.

*************************************
* user id * user name * password * role id*
*************************************
table2
*******************************
* role id * role level *
*******************************

Hi Paul,

This is what I've done. On login auth, a session object stores the role
and it is checked against a page object, redirecting if the user has
not got the needed role.
The objects which create this functionality in .net2.0 are catered to
MS-SQL. Its supposedly possible to inherit from the base of these
objects to write your own version for your own DB. But it seems like a
LOT of work, and the ones i've downloaded from the net (created by
other users for MySQL) don't seem to work correctly.
Also, compared to the objects I can create to enable this
functionality and secure the site, the pre-rolled .net 2.0 ones seem
pretty large.

A few posts up clintonG says writing your own isn't desirable and i'm
curious why - I don't want to inadvertantly leave security holes in the
site.