Hi
So far my application simply requests a user name and password, if user name
and pass match an entry in the database then the page is loaded.
------> FormsAuthentication.RedirectFromLoginPage(txtUserN ame.Text, false);
For some pages I want to check for a permission level, what is the best way?
I am thinking I need to some how identify pages that require higher
permission levels to the Login.aspx, then Login.aspx can check for a bit
being set in DB or something?
I could use session vars, but was wondering if there is a mechanism built
into .Net?
Any comments welcomed.
Thanks
Luke
6  2486 
You can use a tinyint (0-255), and assign varying permission levels. Storing in session is always a good option.
You can use a tinyint (0-255), and assign varying permission levels. Storing in session is always a good option.
"Luke Ward" <lu******@campbelluk.com> wrote in
news:Oo**************@TK2MSFTNGP11.phx.gbl: Hi
So far my application simply requests a user name and password, if
user name and pass match an entry in the database then the page is
loaded. ------>
FormsAuthentication.RedirectFromLoginPage(txtUserN ame.Text, false);
For some pages I want to check for a permission level, what is the
best way? I am thinking I need to some how identify pages that require
higher permission levels to the Login.aspx, then Login.aspx can check
for a bit being set in DB or something?
I could use session vars, but was wondering if there is a mechanism
built into .Net?
Any comments welcomed.
Thanks
Luke
It is always a good idea to check on each page if the user is authentic and
has not just jumped into the middle of the web application (depending on
the application, of course).
Looks like you are asking for page level authorization.
You can write an Http module to handle authorization instead. http://msdn.microsoft.com/library/en...SecNetHT04.asp http://aspnet.4guysfromrolla.com/articles/082703-1.aspx
-Naraen
------
"Luke Ward" <lu******@campbelluk.com> wrote in message
news:Oo****************@TK2MSFTNGP11.phx.gbl... Hi
So far my application simply requests a user name and password, if user
name and pass match an entry in the database then the page is loaded.
------> FormsAuthentication.RedirectFromLoginPage(txtUserN ame.Text,
false);
For some pages I want to check for a permission level, what is the best
way? I am thinking I need to some how identify pages that require higher
permission levels to the Login.aspx, then Login.aspx can check for a bit
being set in DB or something?
I could use session vars, but was wondering if there is a mechanism built
into .Net?
Any comments welcomed.
Thanks
Luke
"Luke Ward" <lu******@campbelluk.com> wrote in
news:Oo**************@TK2MSFTNGP11.phx.gbl: Hi
So far my application simply requests a user name and password, if
user name and pass match an entry in the database then the page is
loaded. ------>
FormsAuthentication.RedirectFromLoginPage(txtUserN ame.Text, false);
For some pages I want to check for a permission level, what is the
best way? I am thinking I need to some how identify pages that require
higher permission levels to the Login.aspx, then Login.aspx can check
for a bit being set in DB or something?
I could use session vars, but was wondering if there is a mechanism
built into .Net?
Any comments welcomed.
Thanks
Luke
It is always a good idea to check on each page if the user is authentic and
has not just jumped into the middle of the web application (depending on
the application, of course).
Looks like you are asking for page level authorization.
You can write an Http module to handle authorization instead. http://msdn.microsoft.com/library/en...SecNetHT04.asp http://aspnet.4guysfromrolla.com/articles/082703-1.aspx
-Naraen
------
"Luke Ward" <lu******@campbelluk.com> wrote in message
news:Oo****************@TK2MSFTNGP11.phx.gbl... Hi
So far my application simply requests a user name and password, if user
name and pass match an entry in the database then the page is loaded.
------> FormsAuthentication.RedirectFromLoginPage(txtUserN ame.Text,
false);
For some pages I want to check for a permission level, what is the best
way? I am thinking I need to some how identify pages that require higher
permission levels to the Login.aspx, then Login.aspx can check for a bit
being set in DB or something?
I could use session vars, but was wondering if there is a mechanism built
into .Net?
Any comments welcomed.
Thanks
Luke
This thread has been closed and replies have been disabled. Please start a new discussion. Similar topics
by: Michael Foord |
last post by:
#!/usr/bin/python -u
# 15-09-04
# v1.0.0
# auth_example.py
# A simple script manually demonstrating basic authentication.
# Copyright Michael Foord
# Free to use, modify and relicense.
#...
|
by: Bob Everland |
last post by:
I have an application that is ISAPI and the only way to
secure it is through NT permissions. I need to have a way
to login to windows authentication so that when I get to
the ISAPI application no...
|
by: Billy Jacobs |
last post by:
I have a website which has both secure and non-secure
pages. I want to uses forms authentication. How do I
accomplish this?
Originally I had my web.config file in the root with Forms...
|
by: Tom B |
last post by:
In my web.config file I've specified Windows for the authentication, in IIS
I've set it to Integrated Authentication.
But my SQL connection is still showing Anonymous.
Is there somewhere else I...
|
by: Anonieko Ramos |
last post by:
ASP.NET Forms Authentication Best Practices
Dr. Dobb's Journal February 2004
Protecting user information is critical
By Douglas Reilly
Douglas is the author of Designing Microsoft ASP.NET...
|
by: Andrew |
last post by:
Hey all,
I would like to preface my question by stating I am still learning ASP.net
and while I am confident in the basics and foundation, the more advanced
stuff is still a challenge. Ok....
|
by: Albertas |
last post by:
What I'm doing wrong that I can't make my authentication to work.
Here is the situation: I'm hosting a Web Service from a Windows forms
application, using .NET Framework 3.0 WCF. And I want to...
|
by: troywalker |
last post by:
I am new to LDAP and Directory Services, and I have a project that
requires me to authenticate users against a Sun Java System Directory
Server in order to access the application. I have found...
|
by: Frank Swarbrick |
last post by:
I am trying to understand "client authentication" works. My environment is
DB2/UDB LUW 8.2 on zSeries SLES9 as the database server and DB2 for VSE 7.4
as the client. We currently have DB2/LUW set...
|
by: Rory Becker |
last post by:
Having now created a Custom MembershipProvider that seems to work correctly
with my Logon and ChangePassword controls, I am, as they say, a happy bunny.
The next stange is to move on to the...
|
by: Sonnysonu |
last post by:
This is the data of csv file
1 2 3
1 2 3
1 2 3
1 2 3
2 3
2 3
3
the lengths should be different i have to store the data by column-wise with in the specific length.
suppose the i have to...
|
by: Hystou |
last post by:
There are some requirements for setting up RAID:
1. The motherboard and BIOS support RAID configuration.
2. The motherboard has 2 or more available SATA protocol SSD/HDD slots (including MSATA, M.2...
|
by: marktang |
last post by:
ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However,...
|
by: jinu1996 |
last post by:
In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven...
|
by: Hystou |
last post by:
Overview:
Windows 11 and 10 have less user interface control over operating system update behaviour than previous versions of Windows. In Windows 11 and 10, there is no way to turn off the Windows...
|
by: tracyyun |
last post by:
Dear forum friends,
With the development of smart home technology, a variety of wireless communication protocols have appeared on the market, such as Zigbee, Z-Wave, Wi-Fi, Bluetooth, etc. Each...
|
by: agi2029 |
last post by:
Let's talk about the concept of autonomous AI software engineers and no-code agents. These AIs are designed to manage the entire lifecycle of a software development project—planning, coding, testing,...
|
by: isladogs |
last post by:
The next Access Europe User Group meeting will be on Wednesday 1 May 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM).
In this session, we are pleased to welcome a new...
|
by: conductexam |
last post by:
I have .net C# application in which I am extracting data from word file and save it in database particularly. To store word all data as it is I am converting the whole word file firstly in HTML and...
| |
