Solved

Migrating Intranet/Internet Administration

Posted on 2004-08-13
12
229 Views
Last Modified: 2010-04-07
Hi,
We are in the process of migrating our current sites from ASP to ASP.NET and I would like to change the way our admin section is set up.  This is the way we have it currently:
We have a table of Administrators that contains their names, etc and also contains their permissions to the various admin tasks.  Each task has a bit field in the table and if the administrator can access that task then they get a 1 and if not then they get a 0.  

The permissions are changed by either checking or unchecking a checkbox. When they login their permissions are read from the table and they are assigned a session variable that looks like this "YNNNNNNNNNNNNNNNNN", each Y stands for the tasks that they are allowed to perform.  

The navigation is an included page which only displays the tasks that they have permissions to.  Each page checks the location of it's "Y" against the session to validate the user like this:
if mid(permission,1,1) = "Y" then
      if mid(session("permissions"),1,1) = "Y" then
            allowedtogo=true
      end if
end if

I realize that this is a VERY poor way to set this up (I didn't create it) and I want to change this during our migration.  Some of the tasks are divided up into sections and then the sections are divided up into categories.  We want to change this so that the users who have permissions to tasks only have permissions to specific sections in those tasks if there are sections.  

For example, if a user is supposed to manage the links for the General and Accounting sections then they shouldn't be able to see or change any links that belong to other sections.

Also, sometimes we have to add or remove sections or categories.  We are thinking along the lines of having groups set up but there are only about 15 administrators right now and we are not sure how to go abou doing this.

Has anyone set something like this up before?

My question is: Can you tell me the BEST way to do this?  We are using as MSSQL 7 DB

Thanks in advance,
Ana
0
Comment
Question by:anastasiawinters
  • 5
  • 5
  • 2
12 Comments
 
LVL 25

Expert Comment

by:nauman_ahmed
ID: 11794297
Its kinda like managing a profile center where you define application, and give user rights over a specific applications depending on the roles defined for that application. Currently I am using the following approach that consists of following tables:

Application: This define the application, its name its purpose
ApplicationAccess:This define the access level an applicaiton can have e.g. administrator, editor, author etc
User: User specific table
UserRights: This define user id, application, and user rights over that application.

At the time of loging in, you need to loop through UserRights table and find if user has rights to access its application. In the code, you can easily enable/disable various features of an application depending on the user role.

Hope this will help, nauman
0
 

Author Comment

by:anastasiawinters
ID: 11794500
do you have it set up in groups of users or individually?
0
 
LVL 25

Expert Comment

by:nauman_ahmed
ID: 11794528
You can extend the functionality to set user permission based on groups. I am planning to do that for one of my application but didnt implemented it yet....It will give you more flexibility.....

Best, Nauman
0
 

Author Comment

by:anastasiawinters
ID: 11794603
Thanks,

I'd like to hear to opinions of anyone else as well.
0
 
LVL 17

Expert Comment

by:AerosSaga
ID: 11794854
Check here for all your options:

http://msdn.microsoft.com/library/default.asp?url=/library/en-us/cpguide/html/cpconaspnetauthentication.asp

Active Directory Integration is by far the best, but from your description the ASP.NET Forms Authentication should be able to do everything you want, and fix that awful mess you described.

Regards,

Aeros
0
 

Author Comment

by:anastasiawinters
ID: 11794934
Thanks, have you used this before?

How do set this up so that I can not only validate the users but also display and allow only their allowed tasks?
0
What Is Threat Intelligence?

Threat intelligence is often discussed, but rarely understood. Starting with a precise definition, along with clear business goals, is essential.

 
LVL 17

Accepted Solution

by:
AerosSaga earned 250 total points
ID: 11795126
Yes I use it for some of our intranet applications that ppl have to access on *nix systems.  The link has all the details I suggest you take your info from there put I'll post some code to demonstrate.  First Make sure something like this is in your web.cofig file.

<authentication mode="Forms" >
    <forms name="synthesis" loginUrl="login.aspx" timeout="30" />
      </authentication>

Then here is the vb you use to allow/disallow access:

Private Sub ProcessLoginRequest(ByVal RedirectPage As String)
        Dim Login As String = Me.txtLogin.Text
        Dim Password As String = Me.txtPassword.Text
        Select Case AuthenticateLogin(Login, Password)
            Case 0
                Me.lblMsg.Visible = True
                Me.lblMsg.Text = "Invalid Credentials"
            Case 1
                Dim Roles As String
                Dim authTicket As FormsAuthenticationTicket
                Dim encTicket As String
                Dim cookie As HttpCookie
                                authTicket = New FormsAuthenticationTicket(1, Login, Now(), Now.AddMinutes(30), False, Roles)
                encTicket = FormsAuthentication.Encrypt(authTicket)
                cookie = New HttpCookie(FormsAuthentication.FormsCookieName, encTicket)
                Response.Cookies.Add(cookie)
                Response.Redirect("MyRedirectPage.aspx")
        End Select
    End Sub

Then on the redirect page you can make items visible/invisible based on the roles you create...see link in above post for howto

 Private Sub Page_Load(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles MyBase.Load
        'Put user code to initialize the page here
        Dim authTicket As FormsAuthenticationTicket
        Dim fi As FormsIdentity = CType(HttpContext.Current.User.Identity, FormsIdentity)
        authTicket = fi.Ticket
        HttpContext.Current.User = New GenericPrincipal(User.Identity, Split(authTicket.UserData, ","))
        If HttpContext.Current.User.IsInRole("User") Then
        End If
        If HttpContext.Current.User.IsInRole("Admin") Then
            Me.lbEdit.Visible = True
            Me.lbNewJob.Visible = True
        End If
    End Sub

Hope that clears it up for you.

Regards,

Aeros
0
 

Author Comment

by:anastasiawinters
ID: 11795296
Thanks, that example makes the use of it much clearer but how do I set that up in the database?

Also, we have an administration page that allows the (selected)administrators to change the permissions of other users.  Can you do that with this authentication too?
0
 
LVL 17

Expert Comment

by:AerosSaga
ID: 11795378
yes just create a db table with fields for UserName, Password, the user role, etc.  you will have to right a little function to retrieve these values like so, after that you can use the HttpContext.CurrentUser.IsInRole to do whatever else you need.

 Private Function AuthenticateLogin(ByVal Login As String, ByVal Password As String) As Integer
        'Authenticates the user against the database
        Dim cmd As New SqlCommand
        Dim ReturnValue As Integer
        cmd.Connection = New SqlConnection(ConfigurationSettings.AppSettings("EmeraldConnStr"))
        cmd.CommandType = CommandType.StoredProcedure
        cmd.CommandText = "SynthesisAuthenticateLogin"
        cmd.Parameters.Add(New SqlParameter("@Login", Login))
        cmd.Parameters.Add(New SqlParameter("@Password", Password))
        cmd.Parameters.Add(New SqlParameter("@ReturnCode", DbType.Int32))
        cmd.Parameters("@ReturnCode").Direction = ParameterDirection.ReturnValue
        cmd.Connection.Open()
        cmd.ExecuteNonQuery()
        cmd.Connection.Close()
        ReturnValue = CInt(cmd.Parameters("@ReturnCode").Value)
        cmd.Connection.Dispose()
        cmd.Dispose()
        Return ReturnValue
    End Function
    Private Function GetRolesString(ByVal Login As String) As String
        'Returns a comma-delimited string of the user's roles
        '---------------------------------------------------------------------------------
        'For testing purposes, you can hard-code the role list and skip the database stuff
        'Return "User"
        '---------------------------------------------------------------------------------
        Dim cmd As New SqlCommand
        Dim dr As SqlDataReader
        Dim Roles As String
        cmd.Connection = New SqlConnection(ConfigurationSettings.AppSettings("EmeraldConnStr"))
        cmd.CommandType = CommandType.StoredProcedure
        cmd.CommandText = "SynthesisGetOperatorRoles"
        cmd.Parameters.Add(New SqlParameter("@Login", Login))
        cmd.Connection.Open()
        dr = cmd.ExecuteReader(CommandBehavior.CloseConnection)
        If dr.Read Then
            Roles = CStr(dr("RoleList"))
        End If
        dr.Close()
        dr = Nothing
        cmd.Connection.Dispose()
        cmd.Dispose()
        Return Roles.ToString
    End Function

Regards,

Aeros
0
 
LVL 17

Expert Comment

by:AerosSaga
ID: 11795387
Just edit the roles in the DB in the administration page, easy!!

0
 

Author Comment

by:anastasiawinters
ID: 11795428
Nice, thanks for your quick responses.

I'm not going to use it yet as we need to decide the exact structure but you've given me a lot of useful information.
0
 
LVL 17

Expert Comment

by:AerosSaga
ID: 11795436
No problem, glad I could be of assistance.

Regards,

Aeros
0

Featured Post

Free Trending Threat Insights Every Day

Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

Join & Write a Comment

Suggested Solutions

In .NET 2.0, Microsoft introduced the Web Site.  This was the default way to create a web Project in Visual Studio 2005.  In Visual Studio 2008, the Web Application has been restored as the default web Project in Visual Studio/.NET 3.x The Web Si…
It was really hard time for me to get the understanding of Delegates in C#. I went through many websites and articles but I found them very clumsy. After going through those sites, I noted down the points in a easy way so here I am sharing that unde…
Excel styles will make formatting consistent and let you apply and change formatting faster. In this tutorial, you'll learn how to use Excel's built-in styles, how to modify styles, and how to create your own. You'll also learn how to use your custo…
This tutorial demonstrates a quick way of adding group price to multiple Magento products.

746 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

16 Experts available now in Live!

Get 1:1 Help Now