Solved

Migrating Intranet/Internet Administration

Posted on 2004-08-13
12
238 Views
Last Modified: 2010-04-07
Hi,
We are in the process of migrating our current sites from ASP to ASP.NET and I would like to change the way our admin section is set up.  This is the way we have it currently:
We have a table of Administrators that contains their names, etc and also contains their permissions to the various admin tasks.  Each task has a bit field in the table and if the administrator can access that task then they get a 1 and if not then they get a 0.  

The permissions are changed by either checking or unchecking a checkbox. When they login their permissions are read from the table and they are assigned a session variable that looks like this "YNNNNNNNNNNNNNNNNN", each Y stands for the tasks that they are allowed to perform.  

The navigation is an included page which only displays the tasks that they have permissions to.  Each page checks the location of it's "Y" against the session to validate the user like this:
if mid(permission,1,1) = "Y" then
      if mid(session("permissions"),1,1) = "Y" then
            allowedtogo=true
      end if
end if

I realize that this is a VERY poor way to set this up (I didn't create it) and I want to change this during our migration.  Some of the tasks are divided up into sections and then the sections are divided up into categories.  We want to change this so that the users who have permissions to tasks only have permissions to specific sections in those tasks if there are sections.  

For example, if a user is supposed to manage the links for the General and Accounting sections then they shouldn't be able to see or change any links that belong to other sections.

Also, sometimes we have to add or remove sections or categories.  We are thinking along the lines of having groups set up but there are only about 15 administrators right now and we are not sure how to go abou doing this.

Has anyone set something like this up before?

My question is: Can you tell me the BEST way to do this?  We are using as MSSQL 7 DB

Thanks in advance,
Ana
0
Comment
Question by:anastasiawinters
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 5
  • 2
12 Comments
 
LVL 25

Expert Comment

by:nauman_ahmed
ID: 11794297
Its kinda like managing a profile center where you define application, and give user rights over a specific applications depending on the roles defined for that application. Currently I am using the following approach that consists of following tables:

Application: This define the application, its name its purpose
ApplicationAccess:This define the access level an applicaiton can have e.g. administrator, editor, author etc
User: User specific table
UserRights: This define user id, application, and user rights over that application.

At the time of loging in, you need to loop through UserRights table and find if user has rights to access its application. In the code, you can easily enable/disable various features of an application depending on the user role.

Hope this will help, nauman
0
 

Author Comment

by:anastasiawinters
ID: 11794500
do you have it set up in groups of users or individually?
0
 
LVL 25

Expert Comment

by:nauman_ahmed
ID: 11794528
You can extend the functionality to set user permission based on groups. I am planning to do that for one of my application but didnt implemented it yet....It will give you more flexibility.....

Best, Nauman
0
Instantly Create Instructional Tutorials

Contextual Guidance at the moment of need helps your employees adopt to new software or processes instantly. Boost knowledge retention and employee engagement step-by-step with one easy solution.

 

Author Comment

by:anastasiawinters
ID: 11794603
Thanks,

I'd like to hear to opinions of anyone else as well.
0
 
LVL 17

Expert Comment

by:AerosSaga
ID: 11794854
Check here for all your options:

http://msdn.microsoft.com/library/default.asp?url=/library/en-us/cpguide/html/cpconaspnetauthentication.asp

Active Directory Integration is by far the best, but from your description the ASP.NET Forms Authentication should be able to do everything you want, and fix that awful mess you described.

Regards,

Aeros
0
 

Author Comment

by:anastasiawinters
ID: 11794934
Thanks, have you used this before?

How do set this up so that I can not only validate the users but also display and allow only their allowed tasks?
0
 
LVL 17

Accepted Solution

by:
AerosSaga earned 250 total points
ID: 11795126
Yes I use it for some of our intranet applications that ppl have to access on *nix systems.  The link has all the details I suggest you take your info from there put I'll post some code to demonstrate.  First Make sure something like this is in your web.cofig file.

<authentication mode="Forms" > 
    <forms name="synthesis" loginUrl="login.aspx" timeout="30" />
      </authentication>

Then here is the vb you use to allow/disallow access:

Private Sub ProcessLoginRequest(ByVal RedirectPage As String)
        Dim Login As String = Me.txtLogin.Text
        Dim Password As String = Me.txtPassword.Text
        Select Case AuthenticateLogin(Login, Password)
            Case 0
                Me.lblMsg.Visible = True
                Me.lblMsg.Text = "Invalid Credentials"
            Case 1
                Dim Roles As String
                Dim authTicket As FormsAuthenticationTicket
                Dim encTicket As String
                Dim cookie As HttpCookie
                                authTicket = New FormsAuthenticationTicket(1, Login, Now(), Now.AddMinutes(30), False, Roles)
                encTicket = FormsAuthentication.Encrypt(authTicket)
                cookie = New HttpCookie(FormsAuthentication.FormsCookieName, encTicket)
                Response.Cookies.Add(cookie)
                Response.Redirect("MyRedirectPage.aspx")
        End Select
    End Sub

Then on the redirect page you can make items visible/invisible based on the roles you create...see link in above post for howto

 Private Sub Page_Load(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles MyBase.Load
        'Put user code to initialize the page here
        Dim authTicket As FormsAuthenticationTicket
        Dim fi As FormsIdentity = CType(HttpContext.Current.User.Identity, FormsIdentity)
        authTicket = fi.Ticket
        HttpContext.Current.User = New GenericPrincipal(User.Identity, Split(authTicket.UserData, ","))
        If HttpContext.Current.User.IsInRole("User") Then
        End If
        If HttpContext.Current.User.IsInRole("Admin") Then
            Me.lbEdit.Visible = True
            Me.lbNewJob.Visible = True
        End If
    End Sub

Hope that clears it up for you.

Regards,

Aeros
0
 

Author Comment

by:anastasiawinters
ID: 11795296
Thanks, that example makes the use of it much clearer but how do I set that up in the database?

Also, we have an administration page that allows the (selected)administrators to change the permissions of other users.  Can you do that with this authentication too?
0
 
LVL 17

Expert Comment

by:AerosSaga
ID: 11795378
yes just create a db table with fields for UserName, Password, the user role, etc.  you will have to right a little function to retrieve these values like so, after that you can use the HttpContext.CurrentUser.IsInRole to do whatever else you need.

 Private Function AuthenticateLogin(ByVal Login As String, ByVal Password As String) As Integer
        'Authenticates the user against the database
        Dim cmd As New SqlCommand
        Dim ReturnValue As Integer
        cmd.Connection = New SqlConnection(ConfigurationSettings.AppSettings("EmeraldConnStr"))
        cmd.CommandType = CommandType.StoredProcedure
        cmd.CommandText = "SynthesisAuthenticateLogin"
        cmd.Parameters.Add(New SqlParameter("@Login", Login))
        cmd.Parameters.Add(New SqlParameter("@Password", Password))
        cmd.Parameters.Add(New SqlParameter("@ReturnCode", DbType.Int32))
        cmd.Parameters("@ReturnCode").Direction = ParameterDirection.ReturnValue
        cmd.Connection.Open()
        cmd.ExecuteNonQuery()
        cmd.Connection.Close()
        ReturnValue = CInt(cmd.Parameters("@ReturnCode").Value)
        cmd.Connection.Dispose()
        cmd.Dispose()
        Return ReturnValue
    End Function
    Private Function GetRolesString(ByVal Login As String) As String
        'Returns a comma-delimited string of the user's roles
        '---------------------------------------------------------------------------------
        'For testing purposes, you can hard-code the role list and skip the database stuff
        'Return "User"
        '---------------------------------------------------------------------------------
        Dim cmd As New SqlCommand
        Dim dr As SqlDataReader
        Dim Roles As String
        cmd.Connection = New SqlConnection(ConfigurationSettings.AppSettings("EmeraldConnStr"))
        cmd.CommandType = CommandType.StoredProcedure
        cmd.CommandText = "SynthesisGetOperatorRoles"
        cmd.Parameters.Add(New SqlParameter("@Login", Login))
        cmd.Connection.Open()
        dr = cmd.ExecuteReader(CommandBehavior.CloseConnection)
        If dr.Read Then
            Roles = CStr(dr("RoleList"))
        End If
        dr.Close()
        dr = Nothing
        cmd.Connection.Dispose()
        cmd.Dispose()
        Return Roles.ToString
    End Function

Regards,

Aeros
0
 
LVL 17

Expert Comment

by:AerosSaga
ID: 11795387
Just edit the roles in the DB in the administration page, easy!!

0
 

Author Comment

by:anastasiawinters
ID: 11795428
Nice, thanks for your quick responses.

I'm not going to use it yet as we need to decide the exact structure but you've given me a lot of useful information.
0
 
LVL 17

Expert Comment

by:AerosSaga
ID: 11795436
No problem, glad I could be of assistance.

Regards,

Aeros
0

Featured Post

Online Training Solution

Drastically shorten your training time with WalkMe's advanced online training solution that Guides your trainees to action. Forget about retraining and skyrocket knowledge retention rates.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I recently went through the process of creating a Calendar Control of events with the basis of using a database to keep track of the dates that are selectable, one requirement was to have the selected date pop-up in a simple lightbox.  At first this…
IntroductionWhile developing web applications, a single page might contain many regions and each region might contain many number of controls with the capability to perform  postback. Many times you might need to perform some action on an ASP.NET po…
Finds all prime numbers in a range requested and places them in a public primes() array. I've demostrated a template size of 30 (2 * 3 * 5) but larger templates can be built such 210  (2 * 3 * 5 * 7) or 2310  (2 * 3 * 5 * 7 * 11). The larger templa…

739 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question