
ASP.NET - Resource Security Methodology

OHM
I'm just wondering what different approaches people would take or have taken to
solving the issues I'm about to talk about.

When you are writing an ASP.NET application for a small group of users or an
open group of users, security of resources may not factor very highly.
However, when you begin to write an application/set of applications for a
whole organisation then how you handle security becomes a big issue.

For example, let's say our organisation has 10 departments and each of them
has its own set of applications, but some are shared between them; for
example, a timesheet might be shared by all users but a business analysis
application may only be used by the finance and marketing departments. All
of these may have guest access. So, for example, menus and webforms need to
be enabled or checked whenever a user tries to open a form or performs
an action. How do we do this? Here are some approaches I have either seen or
used or thought about in the past. All involve groups or roles (essentially
this is the same thing functionally).

If you are interested in commenting on your approach, please do, as I would
like to see the way others have approached this issue.

Many Thanks - OHM

1. Option 1
In the BAL you check the user's membership against the groups supplied from
the form. This could equally be done on the form itself. The problem with
this approach is that whenever you want to change access levels, this has
to be changed on the form, which restarts the application.

2. Option 2
Same as option 1, but you store the access restrictions in an XML file or
equivalent, and pass them to the BAL.

3. Option 3
Same as option 1, but you host a mapping table on the server. The only
problem with this is that it then becomes messy from a coding point of view
on the form because you are working with ID numbers.

4. Option 4
Make this totally programmatic, so that each resource/action on a form
relates to an ID in a resource action table. Then map this to the groups
which can access resources or perform actions. This is the most complex
but flexible approach of these four. However, this could get cumbersome and
may well slow things down if there are several hundred forms over a range of
applications, each with its own array of resources or actions.




Dec 9 '06 #1
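
Option 4 from the post above, sketched as an added example (not code from the original post): resource/action grants mapped to roles, held in memory so each check is a dictionary lookup, and keyed by names rather than ID numbers. The class name, the sample rows and the role names are all assumptions made for illustration.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Principal;

// Hypothetical helper: one Grant call per (resource, action, role) row of the mapping table.
public sealed class ResourcePermissions
{
    // "resource|action" -> roles allowed. Assumes names never contain '|'.
    private readonly Dictionary<string, HashSet<string>> _grants =
        new Dictionary<string, HashSet<string>>(StringComparer.OrdinalIgnoreCase);

    public void Grant(string resource, string action, string role)
    {
        string key = resource + "|" + action;
        HashSet<string> roles;
        if (!_grants.TryGetValue(key, out roles))
            _grants[key] = roles = new HashSet<string>(StringComparer.OrdinalIgnoreCase);
        roles.Add(role);
    }

    // Deny by default: an unmapped resource/action is refused, not allowed.
    public bool IsAllowed(IPrincipal user, string resource, string action)
    {
        HashSet<string> roles;
        if (user == null || !_grants.TryGetValue(resource + "|" + action, out roles))
            return false;
        foreach (string role in roles)
            if (user.IsInRole(role)) return true;
        return false;
    }
}

public static class Demo
{
    public static void Main()
    {
        // Constructed sample rows; in a real application they are loaded from the table.
        var perms = new ResourcePermissions();
        perms.Grant("Timesheet", "Open", "AllStaff");
        perms.Grant("BusinessAnalysis", "Open", "Finance");
        perms.Grant("BusinessAnalysis", "Open", "Marketing");

        IPrincipal clerk = new GenericPrincipal(
            new GenericIdentity("clerk"), new[] { "AllStaff", "Finance" });
        IPrincipal guest = new GenericPrincipal(new GenericIdentity("guest"), new string[0]);

        Console.WriteLine(perms.IsAllowed(clerk, "BusinessAnalysis", "Open"));
        Console.WriteLine(perms.IsAllowed(guest, "BusinessAnalysis", "Open"));
        Console.WriteLine(perms.IsAllowed(guest, "Timesheet", "Export"));
    }
}
```

With the grants held as data, changing an access level means editing rows and rebuilding the map rather than editing a form.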