Simple Question regarding  Security of an ASP.NET Application

Posted on 2007-08-02
Last Modified: 2013-12-17
I have 3 logged in users in the NT Environment in a domain.

Their login Names being  

1)John (I want john to be Admin of the application)
2)Joe   (I want Joe to be a User)
3)Albert (I want Albert to be a User)

When they enter the website I want John to have access to all the functionalities on the webpage (Lets say I want him to see a PageLink which the other users cannot see)

I want to first get their Loggedin names and determine if he is a  Admin or User... If he is admin(John) he sees the link . Others dont see.

What is that has to be done. Can a good example be shown step by step how this can be achieved. I dont want to use database for this.
Question by:dotnet0824

    Author Comment

    I am using Visual studio.NET 2003 / Framework 1.1
    LVL 14

    Accepted Solution

    This is what you can  do.

    In your database where you store the user information add one more column say "UserType"

    1)John Administrator
    2)Joe   Normal
    3)Albert Normal

    now on your login page along with the password fetch down this field also and check the user type.
    Store it into the session.

    On your page where you put your links make separation according to user access level.
    I mean put normal user's link in one panel and admin specific links on other panel.

    On page load from the session check usertype and make panes visible/invisible.

    Hope it helps
    LVL 11

    Expert Comment

    Can you upgrade to VS 2005 Express / Framework 2.0. then you can use the built in authentication and authorization features, storing the users in the web.config file.


    LVL 1

    Expert Comment

    Which tool you are using to develop the application? If you are using Visual Studio. Net 2005 then then achieving your requirements is a piece of cake.

    In such a scenario when you want to show different views based on the type of the user, it's a good idea to create the role and then grant access to the resources based on the roles. This can be done easily using Visual Studio.Net.

    If your answer is Yes about about visual studio then follow the following steps:

    Got to "Web Site" menu and then select ASP.Net Configuration and then go the the security tab. Select the wizard and then you can do whatever you want.
    LVL 14

    Expert Comment

    Did you try that ?

    Author Comment

    Sorry..We are only using visual 2003. So the bottom line is only storing these values in database right!!!!
    LVL 14

    Expert Comment

    Yes. As I said on my first post. You store these values in database and fetch them at login time and than provide access according to the user level.
    LVL 11

    Assisted Solution

    VS2003 it is! :-) You must store them somewhere. The Web.Config file would work also. You could create an appSettings element under the configuration element in Web.config, and put the information there, as in:

         <add key="John" value = "Administrator"/>
         <add key="Joe" value = "Normal"/>
         <add key="Albert" value = "Normal"/>

    The downside to this approach is that there is no way to specify multiple roles per user - you have to arrange your roles in a hierarchical manner.


    Write Comment

    Please enter a first name

    Please enter a last name

    We will never share this with anyone.

    Featured Post

    6 Surprising Benefits of Threat Intelligence

    All sorts of threat intelligence is available on the web. Intelligence you can learn from, and use to anticipate and prepare for future attacks.

    Suggested Solutions

    The ECB site provides FX rates for major currencies since its inception in 1999 in the form of an XML feed. The files have the following format (reducted for brevity) (CODE) There are three files available HERE (…
    It was really hard time for me to get the understanding of Delegates in C#. I went through many websites and articles but I found them very clumsy. After going through those sites, I noted down the points in a easy way so here I am sharing that unde…
    Migrating to Microsoft Office 365 is becoming increasingly popular for organizations both large and small. If you have made the leap to Microsoft’s cloud platform, you know that you will need to create a corporate email signature for your Office 365…
    Polish reports in Access so they look terrific. Take yourself to another level. Equations, Back Color, Alternate Back Color. Write easy VBA Code. Tighten space to use less pages. Launch report from a menu, considering criteria only when it is filled…

    779 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    14 Experts available now in Live!

    Get 1:1 Help Now