?
Solved

Migrating Intranet/Internet Administration

Posted on 2004-08-13
12
Medium Priority
?
244 Views
Last Modified: 2010-04-07
Hi,
We are in the process of migrating our current sites from ASP to ASP.NET and I would like to change the way our admin section is set up.  This is the way we have it currently:
We have a table of Administrators that contains their names, etc and also contains their permissions to the various admin tasks.  Each task has a bit field in the table and if the administrator can access that task then they get a 1 and if not then they get a 0.  

The permissions are changed by either checking or unchecking a checkbox. When they login their permissions are read from the table and they are assigned a session variable that looks like this "YNNNNNNNNNNNNNNNNN", each Y stands for the tasks that they are allowed to perform.  

The navigation is an included page which only displays the tasks that they have permissions to.  Each page checks the location of it's "Y" against the session to validate the user like this:
if mid(permission,1,1) = "Y" then
      if mid(session("permissions"),1,1) = "Y" then
            allowedtogo=true
      end if
end if

I realize that this is a VERY poor way to set this up (I didn't create it) and I want to change this during our migration.  Some of the tasks are divided up into sections and then the sections are divided up into categories.  We want to change this so that the users who have permissions to tasks only have permissions to specific sections in those tasks if there are sections.  

For example, if a user is supposed to manage the links for the General and Accounting sections then they shouldn't be able to see or change any links that belong to other sections.

Also, sometimes we have to add or remove sections or categories.  We are thinking along the lines of having groups set up but there are only about 15 administrators right now and we are not sure how to go abou doing this.

Has anyone set something like this up before?

My question is: Can you tell me the BEST way to do this?  We are using as MSSQL 7 DB

Thanks in advance,
Ana
0
Comment
Question by:anastasiawinters
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 5
  • 2
12 Comments
 
LVL 25

Expert Comment

by:nauman_ahmed
ID: 11794297
Its kinda like managing a profile center where you define application, and give user rights over a specific applications depending on the roles defined for that application. Currently I am using the following approach that consists of following tables:

Application: This define the application, its name its purpose
ApplicationAccess:This define the access level an applicaiton can have e.g. administrator, editor, author etc
User: User specific table
UserRights: This define user id, application, and user rights over that application.

At the time of loging in, you need to loop through UserRights table and find if user has rights to access its application. In the code, you can easily enable/disable various features of an application depending on the user role.

Hope this will help, nauman
0
 

Author Comment

by:anastasiawinters
ID: 11794500
do you have it set up in groups of users or individually?
0
 
LVL 25

Expert Comment

by:nauman_ahmed
ID: 11794528
You can extend the functionality to set user permission based on groups. I am planning to do that for one of my application but didnt implemented it yet....It will give you more flexibility.....

Best, Nauman
0
What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

 

Author Comment

by:anastasiawinters
ID: 11794603
Thanks,

I'd like to hear to opinions of anyone else as well.
0
 
LVL 17

Expert Comment

by:AerosSaga
ID: 11794854
Check here for all your options:

http://msdn.microsoft.com/library/default.asp?url=/library/en-us/cpguide/html/cpconaspnetauthentication.asp

Active Directory Integration is by far the best, but from your description the ASP.NET Forms Authentication should be able to do everything you want, and fix that awful mess you described.

Regards,

Aeros
0
 

Author Comment

by:anastasiawinters
ID: 11794934
Thanks, have you used this before?

How do set this up so that I can not only validate the users but also display and allow only their allowed tasks?
0
 
LVL 17

Accepted Solution

by:
AerosSaga earned 1000 total points
ID: 11795126
Yes I use it for some of our intranet applications that ppl have to access on *nix systems.  The link has all the details I suggest you take your info from there put I'll post some code to demonstrate.  First Make sure something like this is in your web.cofig file.

<authentication mode="Forms" > 
    <forms name="synthesis" loginUrl="login.aspx" timeout="30" />
      </authentication>

Then here is the vb you use to allow/disallow access:

Private Sub ProcessLoginRequest(ByVal RedirectPage As String)
        Dim Login As String = Me.txtLogin.Text
        Dim Password As String = Me.txtPassword.Text
        Select Case AuthenticateLogin(Login, Password)
            Case 0
                Me.lblMsg.Visible = True
                Me.lblMsg.Text = "Invalid Credentials"
            Case 1
                Dim Roles As String
                Dim authTicket As FormsAuthenticationTicket
                Dim encTicket As String
                Dim cookie As HttpCookie
                                authTicket = New FormsAuthenticationTicket(1, Login, Now(), Now.AddMinutes(30), False, Roles)
                encTicket = FormsAuthentication.Encrypt(authTicket)
                cookie = New HttpCookie(FormsAuthentication.FormsCookieName, encTicket)
                Response.Cookies.Add(cookie)
                Response.Redirect("MyRedirectPage.aspx")
        End Select
    End Sub

Then on the redirect page you can make items visible/invisible based on the roles you create...see link in above post for howto

 Private Sub Page_Load(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles MyBase.Load
        'Put user code to initialize the page here
        Dim authTicket As FormsAuthenticationTicket
        Dim fi As FormsIdentity = CType(HttpContext.Current.User.Identity, FormsIdentity)
        authTicket = fi.Ticket
        HttpContext.Current.User = New GenericPrincipal(User.Identity, Split(authTicket.UserData, ","))
        If HttpContext.Current.User.IsInRole("User") Then
        End If
        If HttpContext.Current.User.IsInRole("Admin") Then
            Me.lbEdit.Visible = True
            Me.lbNewJob.Visible = True
        End If
    End Sub

Hope that clears it up for you.

Regards,

Aeros
0
 

Author Comment

by:anastasiawinters
ID: 11795296
Thanks, that example makes the use of it much clearer but how do I set that up in the database?

Also, we have an administration page that allows the (selected)administrators to change the permissions of other users.  Can you do that with this authentication too?
0
 
LVL 17

Expert Comment

by:AerosSaga
ID: 11795378
yes just create a db table with fields for UserName, Password, the user role, etc.  you will have to right a little function to retrieve these values like so, after that you can use the HttpContext.CurrentUser.IsInRole to do whatever else you need.

 Private Function AuthenticateLogin(ByVal Login As String, ByVal Password As String) As Integer
        'Authenticates the user against the database
        Dim cmd As New SqlCommand
        Dim ReturnValue As Integer
        cmd.Connection = New SqlConnection(ConfigurationSettings.AppSettings("EmeraldConnStr"))
        cmd.CommandType = CommandType.StoredProcedure
        cmd.CommandText = "SynthesisAuthenticateLogin"
        cmd.Parameters.Add(New SqlParameter("@Login", Login))
        cmd.Parameters.Add(New SqlParameter("@Password", Password))
        cmd.Parameters.Add(New SqlParameter("@ReturnCode", DbType.Int32))
        cmd.Parameters("@ReturnCode").Direction = ParameterDirection.ReturnValue
        cmd.Connection.Open()
        cmd.ExecuteNonQuery()
        cmd.Connection.Close()
        ReturnValue = CInt(cmd.Parameters("@ReturnCode").Value)
        cmd.Connection.Dispose()
        cmd.Dispose()
        Return ReturnValue
    End Function
    Private Function GetRolesString(ByVal Login As String) As String
        'Returns a comma-delimited string of the user's roles
        '---------------------------------------------------------------------------------
        'For testing purposes, you can hard-code the role list and skip the database stuff
        'Return "User"
        '---------------------------------------------------------------------------------
        Dim cmd As New SqlCommand
        Dim dr As SqlDataReader
        Dim Roles As String
        cmd.Connection = New SqlConnection(ConfigurationSettings.AppSettings("EmeraldConnStr"))
        cmd.CommandType = CommandType.StoredProcedure
        cmd.CommandText = "SynthesisGetOperatorRoles"
        cmd.Parameters.Add(New SqlParameter("@Login", Login))
        cmd.Connection.Open()
        dr = cmd.ExecuteReader(CommandBehavior.CloseConnection)
        If dr.Read Then
            Roles = CStr(dr("RoleList"))
        End If
        dr.Close()
        dr = Nothing
        cmd.Connection.Dispose()
        cmd.Dispose()
        Return Roles.ToString
    End Function

Regards,

Aeros
0
 
LVL 17

Expert Comment

by:AerosSaga
ID: 11795387
Just edit the roles in the DB in the administration page, easy!!

0
 

Author Comment

by:anastasiawinters
ID: 11795428
Nice, thanks for your quick responses.

I'm not going to use it yet as we need to decide the exact structure but you've given me a lot of useful information.
0
 
LVL 17

Expert Comment

by:AerosSaga
ID: 11795436
No problem, glad I could be of assistance.

Regards,

Aeros
0

Featured Post

Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I have developed many web applications with asp & asp.net and to add and use a dropdownlist was always a very simple task, but with the new asp.net, setting the value is a bit tricky and its not similar to the old traditional method. So in this a…
International Data Corporation (IDC) prognosticates that before the current the year gets over disbursing on IT framework products to be sent in cloud environs will be $37.1B.
In this video we outline the Physical Segments view of NetCrunch network monitor. By following this brief how-to video, you will be able to learn how NetCrunch visualizes your network, how granular is the information collected, as well as where to f…
Have you created a query with information for a calendar? ... and then, abra-cadabra, the calendar is done?! I am going to show you how to make that happen. Visualize your data!  ... really see it To use the code to create a calendar from a q…
Suggested Courses

752 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question