By using this site, you agree to our updated Privacy Policy and our Terms of Use. Manage your Cookies Settings.
424,985 Members | 1,776 Online
Bytes IT Community
+ Ask a Question
Need help? Post your question and get tips & solutions from a community of 424,985 IT Pros & Developers. It's quick & easy.

How to create an admin account

P: n/a
I admit this not being C# specific but i don't know where else to start.

My application needs an "administrator" user id. This would function
just like the "administrator" user id in windows. The account is
built-in. The only thing that is configurable about the account is the
password.

What i don't know how to do is create an account like that. Is the user
id and pwd treated like all the other accounts? Stored in the DB? How
is special treatment given to that account? Should the user id be
hardcoded into the system?

Any documents or whatever that suggest a good way to approach this would
be greatly appreciated.

dan
Oct 11 '06 #1
Share this Question
Share on Google+
4 Replies


P: n/a
You need to create a user that is a member of the built-in system
"Administrators" group.

Dan Holmes wrote:
I admit this not being C# specific but i don't know where else to start.

My application needs an "administrator" user id. This would function
just like the "administrator" user id in windows. The account is
built-in. The only thing that is configurable about the account is the
password.

What i don't know how to do is create an account like that. Is the user
id and pwd treated like all the other accounts? Stored in the DB? How
is special treatment given to that account? Should the user id be
hardcoded into the system?

Any documents or whatever that suggest a good way to approach this would
be greatly appreciated.

dan
Oct 11 '06 #2

P: n/a
Dan Holmes wrote:
I admit this not being C# specific but i don't know where else to start.

My application needs an "administrator" user id. This would function
just like the "administrator" user id in windows. The account is
built-in. The only thing that is configurable about the account is the
password.

What i don't know how to do is create an account like that. Is the user
id and pwd treated like all the other accounts? Stored in the DB? How
is special treatment given to that account? Should the user id be
hardcoded into the system?

Any documents or whatever that suggest a good way to approach this would
be greatly appreciated.

dan
Hi Dan,

There are various approaches to what you are trying to accomplish, but
without anymore information about the security mechanisms you already
implement it's hard to suggest anything concrete.

From your post, I'm inferring that you already have some sort of
authentication system in place, for an application?

If this is the case, then can you provide any more information about what
you're doing, how you're doing it? If it's not, then are you looking for
an entire security implementation?

--
Hope this helps,
Tom Spink

Google first, ask later.
Oct 11 '06 #3

P: n/a
Tom Spink wrote:
>
Hi Dan,
....
>
From your post, I'm inferring that you already have some sort of
authentication system in place, for an application?

If this is the case, then can you provide any more information about what
you're doing, how you're doing it? If it's not, then are you looking for
an entire security implementation?
Yes, i have a security solution but i don't like the way that the admins
are handled. Right now any user with all rights is an admin. That
requires a manual SQL insert when the application is installed.

I currently have a table that holds user information and another table
that contains the things that the user is authorized to do. I can
provide more if you need it but didn't want to add too much.

What i am trying to do is not store a user in the DB named "admin" but i
also don't want code that looks like:

if (userID == "Admin") { /*do admin stuff*/ }

There must be a solution between those two extremes.

dan
Oct 12 '06 #4

P: n/a
Dan Holmes wrote:
Tom Spink wrote:
>>
Hi Dan,
...
>>
From your post, I'm inferring that you already have some sort of
authentication system in place, for an application?

If this is the case, then can you provide any more information about what
you're doing, how you're doing it? If it's not, then are you looking for
an entire security implementation?
Yes, i have a security solution but i don't like the way that the admins
are handled. Right now any user with all rights is an admin. That
requires a manual SQL insert when the application is installed.

I currently have a table that holds user information and another table
that contains the things that the user is authorized to do. I can
provide more if you need it but didn't want to add too much.

What i am trying to do is not store a user in the DB named "admin" but i
also don't want code that looks like:

if (userID == "Admin") { /*do admin stuff*/ }

There must be a solution between those two extremes.

dan
Hi Dan,

Thanks for the extra information. At the simplest level, all I suggest is
adding a field to your users table, to specify whether or not that user has
admin rights, then when a privileged operation needs to happen, check the
value of that field. I assume you store somewhere the ID of the user
currently logged on; if you extend that to include the admin flag, then
whenever you need a privileged operation, you can check against that.

--
Hope this helps,
Tom Spink

Google first, ask later.
Oct 12 '06 #5

This discussion thread is closed

Replies have been disabled for this discussion.