• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 163
  • Last Modified:

Page security...

Okay, so i have implemented forms authentication and authenticated users get redirected to pages depending on their "facility" assignment.

But this will not work for "clever" users who might know to just type in the page name into the url to access other pages (after authentication).

What approach should I use to implement this type of security - whereby each page can validate that the user has the right to view it??

I have a basepageexpired class, which inherits webforms and is inherited by every page.

I was thinking that in the base page I could:

- check which page i'm on
- query database to check if current user has rights to the current page

I'd have to set up a table that would be a look up for the "facility" and have page names in the column.

Does that sound about right??

Appreciate your opinions,

regards,

KS

0
Ramesh Srinivas
Asked:
Ramesh Srinivas
1 Solution
 
riyasjefCommented:
U need role based authentication

See this
http://www.codeproject.com/aspnet/rolesbasedauthentication.asp

RJ
0
 
Ramesh SrinivasTechnical ConsultantAuthor Commented:
I think i will handle it all in the database.

thanks,

KS
0

Featured Post

VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now