Hi
So far my application simply requests a user name and password, if user name
and pass match an entry in the database then the page is loaded.
------> FormsAuthentication.RedirectFromLoginPage(txtUserN ame.Text, false);
For some pages I want to check for a permission level, what is the best way?
I am thinking I need to some how identify pages that require higher
permission levels to the Login.aspx, then Login.aspx can check for a bit
being set in DB or something?
I could use session vars, but was wondering if there is a mechanism built
into .Net?
Any comments welcomed.
Thanks
Luke
6  2479 
You can use a tinyint (0-255), and assign varying permission levels. Storing in session is always a good option.
You can use a tinyint (0-255), and assign varying permission levels. Storing in session is always a good option.
"Luke Ward" <lu******@campbelluk.com> wrote in
news:Oo**************@TK2MSFTNGP11.phx.gbl: Hi
So far my application simply requests a user name and password, if
user name and pass match an entry in the database then the page is
loaded. ------>
FormsAuthentication.RedirectFromLoginPage(txtUserN ame.Text, false);
For some pages I want to check for a permission level, what is the
best way? I am thinking I need to some how identify pages that require
higher permission levels to the Login.aspx, then Login.aspx can check
for a bit being set in DB or something?
I could use session vars, but was wondering if there is a mechanism
built into .Net?
Any comments welcomed.
Thanks
Luke
It is always a good idea to check on each page if the user is authentic and
has not just jumped into the middle of the web application (depending on
the application, of course).
Looks like you are asking for page level authorization.
You can write an Http module to handle authorization instead. http://msdn.microsoft.com/library/en...SecNetHT04.asp http://aspnet.4guysfromrolla.com/articles/082703-1.aspx
-Naraen
------
"Luke Ward" <lu******@campbelluk.com> wrote in message
news:Oo****************@TK2MSFTNGP11.phx.gbl... Hi
So far my application simply requests a user name and password, if user
name and pass match an entry in the database then the page is loaded.
------> FormsAuthentication.RedirectFromLoginPage(txtUserN ame.Text,
false);
For some pages I want to check for a permission level, what is the best
way? I am thinking I need to some how identify pages that require higher
permission levels to the Login.aspx, then Login.aspx can check for a bit
being set in DB or something?
I could use session vars, but was wondering if there is a mechanism built
into .Net?
Any comments welcomed.
Thanks
Luke
"Luke Ward" <lu******@campbelluk.com> wrote in
news:Oo**************@TK2MSFTNGP11.phx.gbl: Hi
So far my application simply requests a user name and password, if
user name and pass match an entry in the database then the page is
loaded. ------>
FormsAuthentication.RedirectFromLoginPage(txtUserN ame.Text, false);
For some pages I want to check for a permission level, what is the
best way? I am thinking I need to some how identify pages that require
higher permission levels to the Login.aspx, then Login.aspx can check
for a bit being set in DB or something?
I could use session vars, but was wondering if there is a mechanism
built into .Net?
Any comments welcomed.
Thanks
Luke
It is always a good idea to check on each page if the user is authentic and
has not just jumped into the middle of the web application (depending on
the application, of course).
Looks like you are asking for page level authorization.
You can write an Http module to handle authorization instead. http://msdn.microsoft.com/library/en...SecNetHT04.asp http://aspnet.4guysfromrolla.com/articles/082703-1.aspx
-Naraen
------
"Luke Ward" <lu******@campbelluk.com> wrote in message
news:Oo****************@TK2MSFTNGP11.phx.gbl... Hi
So far my application simply requests a user name and password, if user
name and pass match an entry in the database then the page is loaded.
------> FormsAuthentication.RedirectFromLoginPage(txtUserN ame.Text,
false);
For some pages I want to check for a permission level, what is the best
way? I am thinking I need to some how identify pages that require higher
permission levels to the Login.aspx, then Login.aspx can check for a bit
being set in DB or something?
I could use session vars, but was wondering if there is a mechanism built
into .Net?
Any comments welcomed.
Thanks
Luke
This thread has been closed and replies have been disabled. Please start a new discussion. Similar topics
by: Michael Foord |
last post by:
#!/usr/bin/python -u
# 15-09-04
# v1.0.0
# auth_example.py
# A simple script manually demonstrating basic authentication.
# Copyright Michael Foord
# Free to use, modify and relicense.
#...
|
by: Bob Everland |
last post by:
I have an application that is ISAPI and the only way to
secure it is through NT permissions. I need to have a way
to login to windows authentication so that when I get to
the ISAPI application no...
|
by: Billy Jacobs |
last post by:
I have a website which has both secure and non-secure
pages. I want to uses forms authentication. How do I
accomplish this?
Originally I had my web.config file in the root with Forms...
|
by: Tom B |
last post by:
In my web.config file I've specified Windows for the authentication, in IIS
I've set it to Integrated Authentication.
But my SQL connection is still showing Anonymous.
Is there somewhere else I...
|
by: Anonieko Ramos |
last post by:
ASP.NET Forms Authentication Best Practices
Dr. Dobb's Journal February 2004
Protecting user information is critical
By Douglas Reilly
Douglas is the author of Designing Microsoft ASP.NET...
|
by: Andrew |
last post by:
Hey all,
I would like to preface my question by stating I am still learning ASP.net
and while I am confident in the basics and foundation, the more advanced
stuff is still a challenge. Ok....
|
by: Albertas |
last post by:
What I'm doing wrong that I can't make my authentication to work.
Here is the situation: I'm hosting a Web Service from a Windows forms
application, using .NET Framework 3.0 WCF. And I want to...
|
by: troywalker |
last post by:
I am new to LDAP and Directory Services, and I have a project that
requires me to authenticate users against a Sun Java System Directory
Server in order to access the application. I have found...
|
by: Frank Swarbrick |
last post by:
I am trying to understand "client authentication" works. My environment is
DB2/UDB LUW 8.2 on zSeries SLES9 as the database server and DB2 for VSE 7.4
as the client. We currently have DB2/LUW set...
|
by: Rory Becker |
last post by:
Having now created a Custom MembershipProvider that seems to work correctly
with my Logon and ChangePassword controls, I am, as they say, a happy bunny.
The next stange is to move on to the...
|
by: taylorcarr |
last post by:
A Canon printer is a smart device known for being advanced, efficient, and reliable. It is designed for home, office, and hybrid workspace use and can also be used for a variety of purposes. However,...
|
by: Charles Arthur |
last post by:
How do i turn on java script on a villaon, callus and itel keypad mobile phone
|
by: aa123db |
last post by:
Variable and constants
Use var or let for variables and const fror constants.
Var foo ='bar';
Let foo ='bar';const baz ='bar';
Functions
function $name$ ($parameters$) {
}
...
|
by: ryjfgjl |
last post by:
If we have dozens or hundreds of excel to import into the database, if we use the excel import function provided by database editors such as navicat, it will be extremely tedious and time-consuming...
|
by: BarryA |
last post by:
What are the essential steps and strategies outlined in the Data Structures and Algorithms (DSA) roadmap for aspiring data scientists? How can individuals effectively utilize this roadmap to progress...
|
by: nemocccc |
last post by:
hello, everyone, I want to develop a software for my android phone for daily needs, any suggestions?
|
by: Hystou |
last post by:
There are some requirements for setting up RAID:
1. The motherboard and BIOS support RAID configuration.
2. The motherboard has 2 or more available SATA protocol SSD/HDD slots (including MSATA, M.2...
|
by: marktang |
last post by:
ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However,...
|
by: Hystou |
last post by:
Most computers default to English, but sometimes we require a different language, especially when relocating. Forgot to request a specific language before your computer shipped? No problem! You can...
| |
