Need advice on handling security

I am validating the users of my web app against a user database in SQL
Server. I then store the user object in a session variable and pass it
around to the various forms. I have a field in the user object called Role
that either holds the value "BusinessAgent" or "Administrator". The role
type determines what forms the user can access and certain privileges in
forms. I have menus on a master page but I don't want to hide menu items
depending on the role type. I would like to in the page load of each form,
look at the role type and determine whether they have permission to the form
otherwise alert them to the fact that the form is for administrators only.
What is the best way to do this?

Bill
Aug 4 '07 #1
On Aug 4, 7:46 am, "Bill Gower" <billgo...@charter.net> wrote:
> I am validating the users of my web app against a user database in SQL
> Server. I then store the user object in a session variable and pass it
> around to the various forms. I have a field in the user object called Role
> that either holds the value "BusinessAgent" or "Administrator". The role
> type determines what forms the user can access and certain privileges in
> forms. I have menus on a master page but I don't want to hide menu items
> depending on the role type. I would like to in the page load of each form,
> look at the role type and determine whether they have permission to the form
> otherwise alert them to the fact that the form is for administrators only.
> What is the best way to do this?

Hi Bill

you can check it in the code-behind

    If Not User.IsInRole("Administrator") Then
        Response.Write("Only administrators can see this form")
    End If

you can set permissions in web.config

    <location path="admin.aspx">
      <system.web>
        <authorization>
          <allow roles="Administrator" />
          <deny users="*" />
        </authorization>
      </system.web>
    </location>

Hope this helps

Aug 4 '07 #2
On Aug 4, 10:14 am, Alexey Smirnov <alexey.smir...@gmail.com> wrote:
> On Aug 4, 7:46 am, "Bill Gower" <billgo...@charter.net> wrote:
> > I am validating the users of my web app against a user database in SQL
> > Server. I then store the user object in a session variable and pass it
> > around to the various forms. I have a field in the user object called Role
> > that either holds the value "BusinessAgent" or "Administrator". The role
> > type determines what forms the user can access and certain privileges in
> > forms. I have menus on a master page but I don't want to hide menu items
> > depending on the role type. I would like to in the page load of each form,
> > look at the role type and determine whether they have permission to the form
> > otherwise alert them to the fact that the form is for administrators only.
> > What is the best way to do this?
>
> Hi Bill
>
> you can check it in the code-behind
>
>     If Not User.IsInRole("Administrator") Then
>         Response.Write("Only administrators can see this form")
>     End If
>
> you can set permissions in web.config
>
>     <location path="admin.aspx">
>       <system.web>
>         <authorization>
>           <allow roles="Administrator" />
>           <deny users="*" />
>         </authorization>
>       </system.web>
>     </location>
>
> Hope this helps

P.S. I assume that you created a FormsAuthenticationTicket with roles
and assigned it to the user.

Aug 4 '07 #3
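
Added example (not code from the thread or its participants): one way to meet the assumption in the P.S. above, so that both User.IsInRole and the <allow roles> rule in web.config see the Role value from the SQL Server user record. The class and method names (RoleTicket, SignIn, AttachRoles, RequireRole) and the 30-minute ticket lifetime are assumptions made for illustration.

```vb
Imports System
Imports System.Security.Principal
Imports System.Web
Imports System.Web.Security

' Hypothetical helper (not from the thread): carries the role from the user
' record into the forms-authentication ticket and back onto each request.
Public NotInheritable Class RoleTicket

    ' Call after the password check succeeds. userName and role come from the
    ' server-side user record ("BusinessAgent" or "Administrator"), never from
    ' a form field or query string.
    Public Shared Sub SignIn(ByVal response As HttpResponse, _
                             ByVal userName As String, ByVal role As String)
        ' 30 minutes is an assumed lifetime; the role travels in UserData.
        Dim ticket As New FormsAuthenticationTicket( _
            1, userName, DateTime.Now, DateTime.Now.AddMinutes(30), False, role)
        ' Encrypt() applies the protection configured for forms authentication.
        Dim cookie As New HttpCookie(FormsAuthentication.FormsCookieName, _
                                     FormsAuthentication.Encrypt(ticket))
        cookie.HttpOnly = True                          ' not readable from script
        cookie.Secure = FormsAuthentication.RequireSSL  ' follow the <forms> setting
        response.Cookies.Add(cookie)
    End Sub

    ' Rebuilds the principal with the ticket's roles. Without this step the
    ' forms-authentication principal has no roles and IsInRole returns False.
    Public Shared Sub AttachRoles(ByVal context As HttpContext)
        If context.User Is Nothing Then Return
        Dim identity As FormsIdentity = TryCast(context.User.Identity, FormsIdentity)
        If identity Is Nothing OrElse Not identity.IsAuthenticated Then Return
        Dim roles As String() = identity.Ticket.UserData.Split( _
            New Char() {","c}, StringSplitOptions.RemoveEmptyEntries)
        context.User = New GenericPrincipal(identity, roles)
    End Sub

    ' Page-level check: tells the user why access was refused, then ends the
    ' response so none of the form's controls are rendered.
    Public Shared Sub RequireRole(ByVal context As HttpContext, ByVal role As String)
        If context.User IsNot Nothing AndAlso context.User.IsInRole(role) Then Return
        context.Response.StatusCode = 403
        context.Response.Write("This form is for administrators only.")
        context.Response.End()
    End Sub
End Class
```

Call SignIn from the login form, AttachRoles(Context) from Application_AuthenticateRequest in Global.asax, and RequireRole(Context, "Administrator") as the first statement of Page_Load on a restricted form. RequireRole ends the response after writing the message, whereas writing the message alone lets the rest of the form render.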
