anastasiawinters
asked on
Migrating Intranet/Internet Administration
Hi,
We are in the process of migrating our current sites from ASP to ASP.NET and I would like to change the way our admin section is set up. This is the way we have it currently:
We have a table of Administrators that contains their names, etc., and also contains their permissions to the various admin tasks. Each task has a bit field in the table: if the administrator can access that task they get a 1, and if not they get a 0.
The permissions are changed by checking or unchecking a checkbox. When they log in, their permissions are read from the table and assigned to a session variable that looks like "YNNNNNNNNNNNNNNNNN"; each Y stands for a task they are allowed to perform.
The navigation is an included page which only displays the tasks they have permissions to. Each page checks the location of its "Y" against the session to validate the user like this:
if mid(permission,1,1) = "Y" then
    if mid(session("permissions"),1,1) = "Y" then
        allowedtogo=true
    end if
end if
I realize that this is a VERY poor way to set this up (I didn't create it) and I want to change this during our migration. Some of the tasks are divided up into sections and then the sections are divided up into categories. We want to change this so that the users who have permissions to tasks only have permissions to specific sections in those tasks if there are sections.
For example, if a user is supposed to manage the links for the General and Accounting sections then they shouldn't be able to see or change any links that belong to other sections.
Also, sometimes we have to add or remove sections or categories. We are thinking along the lines of having groups set up, but there are only about 15 administrators right now and we are not sure how to go about doing this.
Has anyone set something like this up before?
My question is: Can you tell me the BEST way to do this? We are using an MSSQL 7 DB.
Thanks in advance,
Ana
do you have it set up in groups of users or individually?
You can extend the functionality to set user permissions based on groups. I am planning to do that for one of my applications but haven't implemented it yet. It will give you more flexibility.
Best, Nauman
ASKER
Thanks,
I'd like to hear the opinions of anyone else as well.
Check here for all your options:
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/cpguide/html/cpconaspnetauthentication.asp
Active Directory Integration is by far the best, but from your description the ASP.NET Forms Authentication should be able to do everything you want, and fix that awful mess you described.
Regards,
Aeros
ASKER
Thanks, have you used this before?
How do I set this up so that I can not only validate the users but also display and allow only their allowed tasks?
ASKER
Thanks, that example makes the use of it much clearer but how do I set that up in the database?
Also, we have an administration page that allows the (selected) administrators to change the permissions of other users. Can you do that with this authentication too?
Yes, just create a DB table with fields for UserName, Password, the user role, etc. You will have to write a little function to retrieve these values, like so; after that you can use HttpContext.Current.User.IsInRole to do whatever else you need.
Imports System.Data
Imports System.Data.SqlClient
Imports System.Configuration

Private Function AuthenticateLogin(ByVal Login As String, ByVal Password As String) As Integer
    'Authenticates the user against the database; the stored procedure's
    'RETURN value is handed back to the caller unchanged
    Dim cmd As New SqlCommand
    Dim ReturnValue As Integer
    cmd.Connection = New SqlConnection(ConfigurationSettings.AppSettings("EmeraldConnStr"))
    cmd.CommandType = CommandType.StoredProcedure
    cmd.CommandText = "SynthesisAuthenticateLogin"
    cmd.Parameters.Add(New SqlParameter("@Login", Login))
    cmd.Parameters.Add(New SqlParameter("@Password", Password))
    'SqlDbType selects the typed overload; DbType.Int32 as the second argument
    'would be taken as the parameter's value rather than its type
    cmd.Parameters.Add(New SqlParameter("@ReturnCode", SqlDbType.Int))
    cmd.Parameters("@ReturnCode").Direction = ParameterDirection.ReturnValue
    cmd.Connection.Open()
    cmd.ExecuteNonQuery()
    cmd.Connection.Close()
    ReturnValue = CInt(cmd.Parameters("@ReturnCode").Value)
    cmd.Connection.Dispose()
    cmd.Dispose()
    Return ReturnValue
End Function

Private Function GetRolesString(ByVal Login As String) As String
    'Returns a comma-delimited string of the user's roles
    '----------------------------------------------------------------------
    'For testing purposes, you can hard-code the role list and skip the database stuff
    'Return "User"
    '----------------------------------------------------------------------
    Dim cmd As New SqlCommand
    Dim dr As SqlDataReader
    'Start empty so an unknown login yields "" instead of a null reference
    Dim Roles As String = String.Empty
    cmd.Connection = New SqlConnection(ConfigurationSettings.AppSettings("EmeraldConnStr"))
    cmd.CommandType = CommandType.StoredProcedure
    cmd.CommandText = "SynthesisGetOperatorRoles"
    cmd.Parameters.Add(New SqlParameter("@Login", Login))
    cmd.Connection.Open()
    'CloseConnection closes the connection when the reader is closed
    dr = cmd.ExecuteReader(CommandBehavior.CloseConnection)
    If dr.Read AndAlso Not IsDBNull(dr("RoleList")) Then
        Roles = CStr(dr("RoleList"))
    End If
    dr.Close()
    dr = Nothing
    cmd.Connection.Dispose()
    cmd.Dispose()
    Return Roles
End Function
Regards,
Aeros
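The same two operations, login check and role lookup, as an added example in Python (not Aeros's code or anything from the thread). A constructed in-memory dict stands in for the Users table, and the Password column holds a salted PBKDF2 hash rather than the password itself; that hashing, the boolean return instead of the stored procedure's @ReturnCode, and the sample logins are all assumptions of this example:

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000  # PBKDF2 work factor; raise as hardware allows


def hash_password(password, salt=None):
    """Salted PBKDF2-HMAC-SHA256 of the password.  Returns (salt, digest)."""
    if salt is None:
        salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return salt, digest


def make_user_store():
    """Constructed sample rows standing in for the Users table:
    Login -> (Salt, PasswordHash, RoleList).  Storing a hash in the
    Password column is this example's assumption; the thread only says
    the table has a Password field."""
    store = {}
    for login, password, roles in [("ana", "correct horse", "Administrator,LinksEditor"),
                                   ("bob", "battery staple", "NewsEditor")]:
        salt, digest = hash_password(password)
        store[login] = (salt, digest, roles)
    return store


# Dummy row used for unknown logins so the failure path does the same
# hashing work as the success path.
_DUMMY_ROW = (b"\x00" * 16, b"\x00" * 32, "")


def authenticate_login(store, login, password):
    """Counterpart of AuthenticateLogin: True if the credentials match.
    The digest comparison is constant-time, and an unknown login still
    pays for one PBKDF2 computation, so response timing does not reveal
    which logins exist."""
    salt, stored_digest, _ = store.get(login, _DUMMY_ROW)
    _, computed = hash_password(password, salt)
    return hmac.compare_digest(computed, stored_digest) and login in store


def get_roles_string(store, login):
    """Counterpart of GetRolesString: comma-delimited roles, "" for an
    unknown login."""
    return store[login][2] if login in store else ""


def is_in_role(roles_string, role):
    """The per-page check, like User.IsInRole over the role list that a
    Forms Authentication ticket would carry in its UserData."""
    return role in {r.strip() for r in roles_string.split(",") if r.strip()}
```

The role string is looked up only after a successful `authenticate_login`, and the page-level decision is always `is_in_role` on the server side; the checkbox administration page Ana describes then becomes an edit of the RoleList value, exactly as Aeros says below.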
Just edit the roles in the DB in the administration page, easy!!
ASKER
Nice, thanks for your quick responses.
I'm not going to use it yet as we need to decide the exact structure but you've given me a lot of useful information.
No problem, glad I could be of assistance.
Regards,
Aeros
Application: This defines the application, its name, its purpose.
ApplicationAccess: This defines the access levels an application can have, e.g. administrator, editor, author, etc.
User: User-specific table.
UserRights: This defines the user id, the application, and the user's rights over that application.
At the time of logging in, you need to loop through the UserRights table and find whether the user has rights to access the application. In the code, you can easily enable/disable various features of an application depending on the user role.
Hope this will help, nauman
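The question's "YNNN…" session string and nauman's four-table sketch above both come down to one data model: who may do which task, in which section. The following is an added example, not code from the thread or from either poster. It uses Python's built-in sqlite3 in place of MSSQL 7 (the SQL is kept portable), and the table and column names (Users, Roles, Tasks, Sections, RolePermissions, UserRoles), the role names and the sample logins are all constructed for the example:

```python
import sqlite3

# Table and column names are assumptions for this example, not names from the
# thread.  A NULL SectionId on a grant means "the whole task", for tasks that
# are not divided into sections.
SCHEMA = """
CREATE TABLE Users    (UserId INTEGER PRIMARY KEY, Login TEXT NOT NULL UNIQUE);
CREATE TABLE Roles    (RoleId INTEGER PRIMARY KEY, Name  TEXT NOT NULL UNIQUE);
CREATE TABLE Tasks    (TaskId INTEGER PRIMARY KEY, Name  TEXT NOT NULL UNIQUE);
CREATE TABLE Sections (SectionId INTEGER PRIMARY KEY, Name TEXT NOT NULL UNIQUE);
CREATE TABLE RolePermissions (
    RoleId    INTEGER NOT NULL REFERENCES Roles(RoleId),
    TaskId    INTEGER NOT NULL REFERENCES Tasks(TaskId),
    SectionId INTEGER          REFERENCES Sections(SectionId)
);
CREATE TABLE UserRoles (
    UserId INTEGER NOT NULL REFERENCES Users(UserId),
    RoleId INTEGER NOT NULL REFERENCES Roles(RoleId),
    PRIMARY KEY (UserId, RoleId)
);
"""


def build_sample_db():
    """Constructed sample data: "ana" edits links for General and Accounting
    only; "bob" manages news, a task with no sections."""
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    db.executemany("INSERT INTO Users VALUES (?, ?)", [(1, "ana"), (2, "bob")])
    db.executemany("INSERT INTO Roles VALUES (?, ?)",
                   [(1, "FinanceLinksEditor"), (2, "NewsEditor")])
    db.executemany("INSERT INTO Tasks VALUES (?, ?)",
                   [(1, "ManageLinks"), (2, "ManageNews")])
    db.executemany("INSERT INTO Sections VALUES (?, ?)",
                   [(1, "General"), (2, "Accounting"), (3, "HumanResources")])
    db.executemany("INSERT INTO RolePermissions VALUES (?, ?, ?)",
                   [(1, 1, 1), (1, 1, 2), (2, 2, None)])
    db.executemany("INSERT INTO UserRoles VALUES (?, ?)", [(1, 1), (2, 2)])
    db.commit()
    return db


CHECK_SQL = """
SELECT 1
FROM UserRoles ur
JOIN Users u            ON u.UserId  = ur.UserId
JOIN RolePermissions rp ON rp.RoleId = ur.RoleId
JOIN Tasks t            ON t.TaskId  = rp.TaskId
LEFT JOIN Sections s    ON s.SectionId = rp.SectionId
WHERE u.Login = ? AND t.Name = ?
  AND (rp.SectionId IS NULL OR s.Name = ?)
LIMIT 1
"""


def can_access(db, login, task, section=None):
    """The check each admin page and each write handler runs: does the user
    hold a role granting this task in this section?  A task-wide grant covers
    any section; unknown users, tasks or sections fall through to False."""
    return db.execute(CHECK_SQL, (login, task, section)).fetchone() is not None


SECTIONS_SQL = """
SELECT DISTINCT s.Name
FROM UserRoles ur
JOIN Users u            ON u.UserId  = ur.UserId
JOIN RolePermissions rp ON rp.RoleId = ur.RoleId
JOIN Tasks t            ON t.TaskId  = rp.TaskId
JOIN Sections s         ON s.SectionId = rp.SectionId
WHERE u.Login = ? AND t.Name = ?
ORDER BY s.Name
"""


def visible_sections(db, login, task):
    """What the navigation include lists for a task: only the sections the
    user may actually touch."""
    return [row[0] for row in db.execute(SECTIONS_SQL, (login, task))]


def grant(db, role, task, section=None):
    """Give a role a task, optionally one section of it.  Names are resolved
    explicitly so a mistyped section raises instead of silently becoming a
    task-wide grant."""
    role_row = db.execute("SELECT RoleId FROM Roles WHERE Name = ?", (role,)).fetchone()
    task_row = db.execute("SELECT TaskId FROM Tasks WHERE Name = ?", (task,)).fetchone()
    if role_row is None or task_row is None:
        raise ValueError("unknown role or task")
    section_id = None
    if section is not None:
        sec_row = db.execute("SELECT SectionId FROM Sections WHERE Name = ?", (section,)).fetchone()
        if sec_row is None:
            raise ValueError(f"unknown section {section!r}")
        section_id = sec_row[0]
    db.execute("INSERT INTO RolePermissions VALUES (?, ?, ?)",
               (role_row[0], task_row[0], section_id))
    db.commit()
```

A permission is a row, so adding a Marketing section or a new task is an INSERT, not a new bit column and a new position in the session string. `visible_sections` drives the navigation include; `can_access` is run against the database on every request and every write rather than against a string built at login, so a permission revoked mid-session takes effect immediately. Note that `can_access` with no section deliberately fails for a sectioned task; use `visible_sections` to decide whether to show the task at all.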