Solved

Migrating Intranet/Internet Administration

Posted on 2004-08-13
12
232 Views
Last Modified: 2010-04-07
Hi,
We are in the process of migrating our current sites from ASP to ASP.NET and I would like to change the way our admin section is set up.  This is the way we have it currently:
We have a table of Administrators that contains their names, etc and also contains their permissions to the various admin tasks.  Each task has a bit field in the table and if the administrator can access that task then they get a 1 and if not then they get a 0.  

The permissions are changed by either checking or unchecking a checkbox. When they login their permissions are read from the table and they are assigned a session variable that looks like this "YNNNNNNNNNNNNNNNNN", each Y stands for the tasks that they are allowed to perform.  

The navigation is an included page which only displays the tasks that they have permissions to.  Each page checks the location of it's "Y" against the session to validate the user like this:
if mid(permission,1,1) = "Y" then
      if mid(session("permissions"),1,1) = "Y" then
            allowedtogo=true
      end if
end if

I realize that this is a VERY poor way to set this up (I didn't create it) and I want to change this during our migration.  Some of the tasks are divided up into sections and then the sections are divided up into categories.  We want to change this so that the users who have permissions to tasks only have permissions to specific sections in those tasks if there are sections.  

For example, if a user is supposed to manage the links for the General and Accounting sections then they shouldn't be able to see or change any links that belong to other sections.

Also, sometimes we have to add or remove sections or categories.  We are thinking along the lines of having groups set up but there are only about 15 administrators right now and we are not sure how to go abou doing this.

Has anyone set something like this up before?

My question is: Can you tell me the BEST way to do this?  We are using as MSSQL 7 DB

Thanks in advance,
Ana
0
Comment
Question by:anastasiawinters
  • 5
  • 5
  • 2
12 Comments
 
LVL 25

Expert Comment

by:nauman_ahmed
ID: 11794297
Its kinda like managing a profile center where you define application, and give user rights over a specific applications depending on the roles defined for that application. Currently I am using the following approach that consists of following tables:

Application: This define the application, its name its purpose
ApplicationAccess:This define the access level an applicaiton can have e.g. administrator, editor, author etc
User: User specific table
UserRights: This define user id, application, and user rights over that application.

At the time of loging in, you need to loop through UserRights table and find if user has rights to access its application. In the code, you can easily enable/disable various features of an application depending on the user role.

Hope this will help, nauman
0
 

Author Comment

by:anastasiawinters
ID: 11794500
do you have it set up in groups of users or individually?
0
 
LVL 25

Expert Comment

by:nauman_ahmed
ID: 11794528
You can extend the functionality to set user permission based on groups. I am planning to do that for one of my application but didnt implemented it yet....It will give you more flexibility.....

Best, Nauman
0
ScreenConnect 6.0 Free Trial

Want empowering updates? You're in the right place! Discover new features in ScreenConnect 6.0, based on partner feedback, to keep you business operating smoothly and optimally (the way it should be). Explore all of the extras and enhancements for yourself!

 

Author Comment

by:anastasiawinters
ID: 11794603
Thanks,

I'd like to hear to opinions of anyone else as well.
0
 
LVL 17

Expert Comment

by:AerosSaga
ID: 11794854
Check here for all your options:

http://msdn.microsoft.com/library/default.asp?url=/library/en-us/cpguide/html/cpconaspnetauthentication.asp

Active Directory Integration is by far the best, but from your description the ASP.NET Forms Authentication should be able to do everything you want, and fix that awful mess you described.

Regards,

Aeros
0
 

Author Comment

by:anastasiawinters
ID: 11794934
Thanks, have you used this before?

How do set this up so that I can not only validate the users but also display and allow only their allowed tasks?
0
 
LVL 17

Accepted Solution

by:
AerosSaga earned 250 total points
ID: 11795126
Yes I use it for some of our intranet applications that ppl have to access on *nix systems.  The link has all the details I suggest you take your info from there put I'll post some code to demonstrate.  First Make sure something like this is in your web.cofig file.

<authentication mode="Forms" > 
    <forms name="synthesis" loginUrl="login.aspx" timeout="30" />
      </authentication>

Then here is the vb you use to allow/disallow access:

Private Sub ProcessLoginRequest(ByVal RedirectPage As String)
        Dim Login As String = Me.txtLogin.Text
        Dim Password As String = Me.txtPassword.Text
        Select Case AuthenticateLogin(Login, Password)
            Case 0
                Me.lblMsg.Visible = True
                Me.lblMsg.Text = "Invalid Credentials"
            Case 1
                Dim Roles As String
                Dim authTicket As FormsAuthenticationTicket
                Dim encTicket As String
                Dim cookie As HttpCookie
                                authTicket = New FormsAuthenticationTicket(1, Login, Now(), Now.AddMinutes(30), False, Roles)
                encTicket = FormsAuthentication.Encrypt(authTicket)
                cookie = New HttpCookie(FormsAuthentication.FormsCookieName, encTicket)
                Response.Cookies.Add(cookie)
                Response.Redirect("MyRedirectPage.aspx")
        End Select
    End Sub

Then on the redirect page you can make items visible/invisible based on the roles you create...see link in above post for howto

 Private Sub Page_Load(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles MyBase.Load
        'Put user code to initialize the page here
        Dim authTicket As FormsAuthenticationTicket
        Dim fi As FormsIdentity = CType(HttpContext.Current.User.Identity, FormsIdentity)
        authTicket = fi.Ticket
        HttpContext.Current.User = New GenericPrincipal(User.Identity, Split(authTicket.UserData, ","))
        If HttpContext.Current.User.IsInRole("User") Then
        End If
        If HttpContext.Current.User.IsInRole("Admin") Then
            Me.lbEdit.Visible = True
            Me.lbNewJob.Visible = True
        End If
    End Sub

Hope that clears it up for you.

Regards,

Aeros
0
 

Author Comment

by:anastasiawinters
ID: 11795296
Thanks, that example makes the use of it much clearer but how do I set that up in the database?

Also, we have an administration page that allows the (selected)administrators to change the permissions of other users.  Can you do that with this authentication too?
0
 
LVL 17

Expert Comment

by:AerosSaga
ID: 11795378
yes just create a db table with fields for UserName, Password, the user role, etc.  you will have to right a little function to retrieve these values like so, after that you can use the HttpContext.CurrentUser.IsInRole to do whatever else you need.

 Private Function AuthenticateLogin(ByVal Login As String, ByVal Password As String) As Integer
        'Authenticates the user against the database
        Dim cmd As New SqlCommand
        Dim ReturnValue As Integer
        cmd.Connection = New SqlConnection(ConfigurationSettings.AppSettings("EmeraldConnStr"))
        cmd.CommandType = CommandType.StoredProcedure
        cmd.CommandText = "SynthesisAuthenticateLogin"
        cmd.Parameters.Add(New SqlParameter("@Login", Login))
        cmd.Parameters.Add(New SqlParameter("@Password", Password))
        cmd.Parameters.Add(New SqlParameter("@ReturnCode", DbType.Int32))
        cmd.Parameters("@ReturnCode").Direction = ParameterDirection.ReturnValue
        cmd.Connection.Open()
        cmd.ExecuteNonQuery()
        cmd.Connection.Close()
        ReturnValue = CInt(cmd.Parameters("@ReturnCode").Value)
        cmd.Connection.Dispose()
        cmd.Dispose()
        Return ReturnValue
    End Function
    Private Function GetRolesString(ByVal Login As String) As String
        'Returns a comma-delimited string of the user's roles
        '---------------------------------------------------------------------------------
        'For testing purposes, you can hard-code the role list and skip the database stuff
        'Return "User"
        '---------------------------------------------------------------------------------
        Dim cmd As New SqlCommand
        Dim dr As SqlDataReader
        Dim Roles As String
        cmd.Connection = New SqlConnection(ConfigurationSettings.AppSettings("EmeraldConnStr"))
        cmd.CommandType = CommandType.StoredProcedure
        cmd.CommandText = "SynthesisGetOperatorRoles"
        cmd.Parameters.Add(New SqlParameter("@Login", Login))
        cmd.Connection.Open()
        dr = cmd.ExecuteReader(CommandBehavior.CloseConnection)
        If dr.Read Then
            Roles = CStr(dr("RoleList"))
        End If
        dr.Close()
        dr = Nothing
        cmd.Connection.Dispose()
        cmd.Dispose()
        Return Roles.ToString
    End Function

Regards,

Aeros
0
 
LVL 17

Expert Comment

by:AerosSaga
ID: 11795387
Just edit the roles in the DB in the administration page, easy!!

0
 

Author Comment

by:anastasiawinters
ID: 11795428
Nice, thanks for your quick responses.

I'm not going to use it yet as we need to decide the exact structure but you've given me a lot of useful information.
0
 
LVL 17

Expert Comment

by:AerosSaga
ID: 11795436
No problem, glad I could be of assistance.

Regards,

Aeros
0

Featured Post

Optimizing Cloud Backup for Low Bandwidth

With cloud storage prices going down a growing number of SMBs start to use it for backup storage. Unfortunately, business data volume rarely fits the average Internet speed. This article provides an overview of main Internet speed challenges and reveals backup best practices.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In this Article, I will provide a few tips in problem and solution manner. Opening an ASPX page in Visual studio 2003 is very slow. To make it fast, please do follow below steps:   Open the Solution/Project. Right click the ASPX file to b…
IntroductionWhile developing web applications, a single page might contain many regions and each region might contain many number of controls with the capability to perform  postback. Many times you might need to perform some action on an ASP.NET po…
This Micro Tutorial demonstrates using Microsoft Excel pivot tables, how to reverse engineer competitors' marketing strategies through backlinks.
Although Jacob Bernoulli (1654-1705) has been credited as the creator of "Binomial Distribution Table", Gottfried Leibniz (1646-1716) did his dissertation on the subject in 1666; Leibniz you may recall is the co-inventor of "Calculus" and beat Isaac…

773 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question