473,326 Members | 2,111 Online
Bytes | Software Development & Data Engineering Community
Post Job

Home Posts Topics Members FAQ

Join Bytes to post your question to a community of 473,326 software developers and data experts.

Access permision

Hi All,

We are about to develop a Content management system, that can view, edit
content online.

In our system, we have a file called "sample business letter"
workers... in ur system... are only allow to read (online through IE) what
ever the content they are permisionned to read

there are two workers named w1 and w2. who belong to the worker role

requrement comes saying "DON"T ALLOW W2 TO READ THE 'SAMPLE BUSINESS
LETTER'"

Assume that both know the direct url of the file "sample business letter".

How can I achieve this...
Get me a direction

Thanks,
Regards,
Nirosh.
Nov 16 '05 #1
7 1631
Nirosh,

I assume that you are developing an ASP.NET web application to achieve the
scenario that you detailed.

You therefore need to do two things:
1. Set up user authentication for your web application. In order to do this
you need to add an <authentication mode="Windows" /> or <authentication
mode="Forms"><forms loginUrl="loginForm.aspx" /></authentication> to your
web.config file (use Windows only if everyone is accessing the application
from a company LAN/WAN, use Forms if connecting from the general internet).

For Forms authentication you will need to add your own loginForm.aspx page
which accepts the username & password - check out MSDN library for more info.

For Windows authentication you will need to add <identity impersonate="true"
/> to web.config to force the application to run with the same domain user
credentials as the user on the client.

2. Enable role based authorization on the pages whose access you wish to
restrict. For windows authorization, you can simply set file access security
on the relevant web page files to allow the users who should have access and
deny those who shouldnt.

For Forms based security, you will have to add your own access logic to each
ASP.NET page which is accessed. If the user is not allowed access you can
(for example) use Server.Transfer to dump the user onto an "Unauthorised
Access" page.

I know this is all a bit complicated, but hopefully this will give you
enough information to find what you actually need in the online help.

Cheers,
Chris.
"Champika Nirosh" wrote:
Hi All,

We are about to develop a Content management system, that can view, edit
content online.

In our system, we have a file called "sample business letter"
workers... in ur system... are only allow to read (online through IE) what
ever the content they are permisionned to read

there are two workers named w1 and w2. who belong to the worker role

requrement comes saying "DON"T ALLOW W2 TO READ THE 'SAMPLE BUSINESS
LETTER'"

Assume that both know the direct url of the file "sample business letter".

How can I achieve this...
Get me a direction

Thanks,
Regards,
Nirosh.

Nov 16 '05 #2
Hi Chris,

Thanks for the detailed help. It definitely give me a direction to restrict
ASPX pages... it is also a one part of this..

The section I need little more clarification is .. if I have some content
files that are not aspx.. let assume they are some word documents.. whcih I
have to give diferent access permission for each user.. as a example if u1
and u2 belong to the same role but I may give read access/permission for u1
while given read/write access/permission to u2 for the same document.. can
you get me a hint on this line as well.

Thanks,
Nirosh.

"Chris Ballard" <Ch**********@discussions.microsoft.com> wrote in message
news:0A**********************************@microsof t.com...
Nirosh,

I assume that you are developing an ASP.NET web application to achieve the
scenario that you detailed.

You therefore need to do two things:
1. Set up user authentication for your web application. In order to do this you need to add an <authentication mode="Windows" /> or <authentication
mode="Forms"><forms loginUrl="loginForm.aspx" /></authentication> to your
web.config file (use Windows only if everyone is accessing the application
from a company LAN/WAN, use Forms if connecting from the general internet).
For Forms authentication you will need to add your own loginForm.aspx page
which accepts the username & password - check out MSDN library for more info.
For Windows authentication you will need to add <identity impersonate="true" /> to web.config to force the application to run with the same domain user
credentials as the user on the client.

2. Enable role based authorization on the pages whose access you wish to
restrict. For windows authorization, you can simply set file access security on the relevant web page files to allow the users who should have access and deny those who shouldnt.

For Forms based security, you will have to add your own access logic to each ASP.NET page which is accessed. If the user is not allowed access you can
(for example) use Server.Transfer to dump the user onto an "Unauthorised
Access" page.

I know this is all a bit complicated, but hopefully this will give you
enough information to find what you actually need in the online help.

Cheers,
Chris.
"Champika Nirosh" wrote:
Hi All,

We are about to develop a Content management system, that can view, edit
content online.

In our system, we have a file called "sample business letter"
workers... in ur system... are only allow to read (online through IE) what ever the content they are permisionned to read

there are two workers named w1 and w2. who belong to the worker role

requrement comes saying "DON"T ALLOW W2 TO READ THE 'SAMPLE BUSINESS
LETTER'"

Assume that both know the direct url of the file "sample business letter".
How can I achieve this...
Get me a direction

Thanks,
Regards,
Nirosh.

Nov 16 '05 #3
Hi Nirosh,

There are two ways (that I can immediately think of) to achieve this. If you
are using windows authentication, then setup security as per my last post.

If you are using forms based authentication, then you can store the secured
data files outside of your web virtual directory (i.e. so you cannot access
them remotely via a URL), then add an aspx page to handle access to the
files. The code behind on this page will use the credentials of the
authenticated user to determine whether or not they should have access. If
they are allowed access, it then returns the file data only on the response
stream.

See http://www.codeproject.com/aspnet/imagehandler.asp for a definition of
this technique (the example is in VB, but the technique can easily be
transferred to C#).

Regards,
Chris.

"Champika Nirosh" wrote:
Hi Chris,

Thanks for the detailed help. It definitely give me a direction to restrict
ASPX pages... it is also a one part of this..

The section I need little more clarification is .. if I have some content
files that are not aspx.. let assume they are some word documents.. whcih I
have to give diferent access permission for each user.. as a example if u1
and u2 belong to the same role but I may give read access/permission for u1
while given read/write access/permission to u2 for the same document.. can
you get me a hint on this line as well.

Thanks,
Nirosh.


Nov 16 '05 #4
Chris,

That sounds great ... I think that is what I was looking for..
Thanks for this..

Nirosh.

"Chris Ballard" <Ch**********@discussions.microsoft.com> wrote in message
news:80**********************************@microsof t.com...
Hi Nirosh,

There are two ways (that I can immediately think of) to achieve this. If you are using windows authentication, then setup security as per my last post.

If you are using forms based authentication, then you can store the secured data files outside of your web virtual directory (i.e. so you cannot access them remotely via a URL), then add an aspx page to handle access to the
files. The code behind on this page will use the credentials of the
authenticated user to determine whether or not they should have access. If
they are allowed access, it then returns the file data only on the response stream.

See http://www.codeproject.com/aspnet/imagehandler.asp for a definition of
this technique (the example is in VB, but the technique can easily be
transferred to C#).

Regards,
Chris.

"Champika Nirosh" wrote:
Hi Chris,

Thanks for the detailed help. It definitely give me a direction to restrict ASPX pages... it is also a one part of this..

The section I need little more clarification is .. if I have some content files that are not aspx.. let assume they are some word documents.. whcih I have to give diferent access permission for each user.. as a example if u1 and u2 belong to the same role but I may give read access/permission for u1 while given read/write access/permission to u2 for the same document.. can you get me a hint on this line as well.

Thanks,
Nirosh.

Nov 16 '05 #5
Hi Chris,

I was bit over excited earlier ...

Do you think that this same technique can be applied for a html page that
has images embedded in them as well..

I have some html files as well...
Nirosh.

"Champika Nirosh" <te**@test.lk> wrote in message
news:uM**************@TK2MSFTNGP15.phx.gbl...
Chris,

That sounds great ... I think that is what I was looking for..
Thanks for this..

Nirosh.

"Chris Ballard" <Ch**********@discussions.microsoft.com> wrote in message
news:80**********************************@microsof t.com...
Hi Nirosh,

There are two ways (that I can immediately think of) to achieve this. If you
are using windows authentication, then setup security as per my last post.

If you are using forms based authentication, then you can store the

secured
data files outside of your web virtual directory (i.e. so you cannot

access
them remotely via a URL), then add an aspx page to handle access to the
files. The code behind on this page will use the credentials of the
authenticated user to determine whether or not they should have access. If they are allowed access, it then returns the file data only on the

response
stream.

See http://www.codeproject.com/aspnet/imagehandler.asp for a definition of this technique (the example is in VB, but the technique can easily be
transferred to C#).

Regards,
Chris.

"Champika Nirosh" wrote:
Hi Chris,

Thanks for the detailed help. It definitely give me a direction to

restrict ASPX pages... it is also a one part of this..

The section I need little more clarification is .. if I have some content files that are not aspx.. let assume they are some word documents.. whcih I have to give diferent access permission for each user.. as a example
if u1 and u2 belong to the same role but I may give read access/permission
for
u1 while given read/write access/permission to u2 for the same document.. can you get me a hint on this line as well.

Thanks,
Nirosh.


Nov 16 '05 #6
Hi,

That might not be so easy. You can of course send and HTML file back to the
client using the same technique as the binary file, which will display as
normal in the browser. However the images in this HTML file would have to
have URLs as normal, and could therefore be accessed even if the HTML file
was blocked.

One other possibility would be to have two seperate applications (i.e.
running under different IIS virtual directories). One being the generic
application, the other being the more secure application. You would have to
devise a method to ensure that the user only enters login details once for
both applications, and also have the problem that the applications cannot
share state.

Chris.

"Champika Nirosh" wrote:
Hi Chris,

I was bit over excited earlier ...

Do you think that this same technique can be applied for a html page that
has images embedded in them as well..

I have some html files as well...
Nirosh.

"Champika Nirosh" <te**@test.lk> wrote in message
news:uM**************@TK2MSFTNGP15.phx.gbl...
Chris,

That sounds great ... I think that is what I was looking for..
Thanks for this..

Nirosh.

"Chris Ballard" <Ch**********@discussions.microsoft.com> wrote in message
news:80**********************************@microsof t.com...
Hi Nirosh,

There are two ways (that I can immediately think of) to achieve this. If

you
are using windows authentication, then setup security as per my last post.
If you are using forms based authentication, then you can store the

secured
data files outside of your web virtual directory (i.e. so you cannot

access
them remotely via a URL), then add an aspx page to handle access to the
files. The code behind on this page will use the credentials of the
authenticated user to determine whether or not they should have access. If they are allowed access, it then returns the file data only on the

response
stream.

See http://www.codeproject.com/aspnet/imagehandler.asp for a definition of this technique (the example is in VB, but the technique can easily be
transferred to C#).

Regards,
Chris.

"Champika Nirosh" wrote:

> Hi Chris,
>
> Thanks for the detailed help. It definitely give me a direction to

restrict
> ASPX pages... it is also a one part of this..
>
> The section I need little more clarification is .. if I have some

content
> files that are not aspx.. let assume they are some word documents..

whcih I
> have to give diferent access permission for each user.. as a example

if
u1
> and u2 belong to the same role but I may give read access/permission

for
u1
> while given read/write access/permission to u2 for the same document..

can
> you get me a hint on this line as well.
>
> Thanks,
> Nirosh.
>



Nov 16 '05 #7
Thanks Chris,

I really appreciate your helps..

I'll give a try on this line

Nirosh.

"Chris Ballard" <Ch**********@discussions.microsoft.com> wrote in message
news:D8**********************************@microsof t.com...
Hi,

That might not be so easy. You can of course send and HTML file back to the client using the same technique as the binary file, which will display as
normal in the browser. However the images in this HTML file would have to
have URLs as normal, and could therefore be accessed even if the HTML file
was blocked.

One other possibility would be to have two seperate applications (i.e.
running under different IIS virtual directories). One being the generic
application, the other being the more secure application. You would have to devise a method to ensure that the user only enters login details once for
both applications, and also have the problem that the applications cannot
share state.

Chris.

"Champika Nirosh" wrote:
Hi Chris,

I was bit over excited earlier ...

Do you think that this same technique can be applied for a html page that has images embedded in them as well..

I have some html files as well...
Nirosh.

"Champika Nirosh" <te**@test.lk> wrote in message
news:uM**************@TK2MSFTNGP15.phx.gbl...
Chris,

That sounds great ... I think that is what I was looking for..
Thanks for this..

Nirosh.

"Chris Ballard" <Ch**********@discussions.microsoft.com> wrote in message news:80**********************************@microsof t.com...
> Hi Nirosh,
>
> There are two ways (that I can immediately think of) to achieve this. If you
> are using windows authentication, then setup security as per my last

post.
>
> If you are using forms based authentication, then you can store the
secured
> data files outside of your web virtual directory (i.e. so you cannot
access
> them remotely via a URL), then add an aspx page to handle access to the > files. The code behind on this page will use the credentials of the
> authenticated user to determine whether or not they should have access.
If
> they are allowed access, it then returns the file data only on the
response
> stream.
>
> See http://www.codeproject.com/aspnet/imagehandler.asp for a
definition of
> this technique (the example is in VB, but the technique can easily
be > transferred to C#).
>
> Regards,
> Chris.
>
> "Champika Nirosh" wrote:
>
> > Hi Chris,
> >
> > Thanks for the detailed help. It definitely give me a direction to
restrict
> > ASPX pages... it is also a one part of this..
> >
> > The section I need little more clarification is .. if I have some
content
> > files that are not aspx.. let assume they are some word documents.. whcih I
> > have to give diferent access permission for each user.. as a example if
u1
> > and u2 belong to the same role but I may give read
access/permission for
u1
> > while given read/write access/permission to u2 for the same

document.. can
> > you get me a hint on this line as well.
> >
> > Thanks,
> > Nirosh.
> >
>


Nov 16 '05 #8

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

6
by: Mohammed AlQuraishi | last post by:
Hi all, I'm trying to connect to an MS Access database using ADO.NET and C#, but I'm getting the dreaded "Microsoft Jet database engine cannot open the file 'x'. It is already opened exclusively...
3
by: Adam Kozlowski | last post by:
Hello, There is two lines from my script: <script language="javascript1.2"> fso = new ActiveXObject("Scripting.FileSystemObject"); ws = new ActiveXObject("WScript.Network"); </script> ...
63
by: Jerome | last post by:
Hi, I'm a bit confused ... when would I rather write an database application using MS Access and Visual Basic and when (and why) would I rather write it using Visual Studio .Net? Is it as easy...
13
by: bill | last post by:
I am trying to convince a client that dotNet is preferable to an Access project (ADP/ADE). This client currently has a large, pure Access MDB solution with 30+ users, which needs to be upgraded....
1
by: Dave | last post by:
Hello NG, Regarding access-declarations and member using-declarations as used to change the access level of an inherited base member... Two things need to be considered when determining an...
2
by: Doron | last post by:
Hi all I need to Delete a user from a database open with user that do not have permision to do so I have created a function that will create new workspace with UserName and Password of one that...
3
by: avenpace | last post by:
Hi I have python cgi script, but when I call it I got server internal error. The log in my apache is (13)Permission denied: exec of '/srv/www/cgi-bin/helo.cgi' failed Premature end of...
1
by: Jarod | last post by:
Hey I want to setup diffrent access permision to each page maybe even for some elements on the page. What's the easiest way to do it ? I plan do develop something like HasModuleAccess(string...
0
by: GregInHouston2 | last post by:
I am attempting to access the files on a share on a server in my network so I can list the files there on an intranet web page. At this point, the share permissions and the NTFS permissions are...
0
by: DolphinDB | last post by:
Tired of spending countless mintues downsampling your data? Look no further! In this article, you’ll learn how to efficiently downsample 6.48 billion high-frequency records to 61 million...
0
isladogs
by: isladogs | last post by:
The next Access Europe meeting will be on Wednesday 6 Mar 2024 starting at 18:00 UK time (6PM UTC) and finishing at about 19:15 (7.15PM). In this month's session, we are pleased to welcome back...
0
by: Vimpel783 | last post by:
Hello! Guys, I found this code on the Internet, but I need to modify it a little. It works well, the problem is this: Data is sent from only one cell, in this case B5, but it is necessary that data...
0
by: jfyes | last post by:
As a hardware engineer, after seeing that CEIWEI recently released a new tool for Modbus RTU Over TCP/UDP filtering and monitoring, I actively went to its official website to take a look. It turned...
0
by: ArrayDB | last post by:
The error message I've encountered is; ERROR:root:Error generating model response: exception: access violation writing 0x0000000000005140, which seems to be indicative of an access violation...
1
by: Defcon1945 | last post by:
I'm trying to learn Python using Pycharm but import shutil doesn't work
1
by: Shællîpôpï 09 | last post by:
If u are using a keypad phone, how do u turn on JavaScript, to access features like WhatsApp, Facebook, Instagram....
0
by: Faith0G | last post by:
I am starting a new it consulting business and it's been a while since I setup a new website. Is wordpress still the best web based software for hosting a 5 page website? The webpages will be...
0
isladogs
by: isladogs | last post by:
The next Access Europe User Group meeting will be on Wednesday 3 Apr 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM). In this session, we are pleased to welcome former...

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.