[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 211
  • Last Modified:

Simple Question regarding Security of an ASP.NET Application

I have 3 logged in users in the NT Environment in a domain.

Their login Names being  

1)John (I want john to be Admin of the application)
2)Joe   (I want Joe to be a User)
3)Albert (I want Albert to be a User)

When they enter the website I want John to have access to all the functionalities on the webpage (Lets say I want him to see a PageLink which the other users cannot see)

I want to first get their Loggedin names and determine if he is a  Admin or User... If he is admin(John) he sees the link . Others dont see.

What is that has to be done. Can a good example be shown step by step how this can be achieved. I dont want to use database for this.
0
dotnet0824
Asked:
dotnet0824
  • 3
  • 2
  • 2
  • +1
2 Solutions
 
dotnet0824Author Commented:
I am using Visual studio.NET 2003 / Framework 1.1
0
 
chinu1310Commented:
This is what you can  do.

In your database where you store the user information add one more column say "UserType"

1)John Administrator
2)Joe   Normal
3)Albert Normal

now on your login page along with the password fetch down this field also and check the user type.
Store it into the session.

---
On your page where you put your links make separation according to user access level.
I mean put normal user's link in one panel and admin specific links on other panel.

On page load from the session check usertype and make panes visible/invisible.

Hope it helps
0
 
anyoneisCommented:
Can you upgrade to VS 2005 Express / Framework 2.0. then you can use the built in authentication and authorization features, storing the users in the web.config file.

David

0
Veeam and MySQL: How to Perform Backup & Recovery

MySQL and the MariaDB variant are among the most used databases in Linux environments, and many critical applications support their data on them. Watch this recorded webinar to find out how Veeam Backup & Replication allows you to get consistent backups of MySQL databases.

 
run2004Commented:
Which tool you are using to develop the application? If you are using Visual Studio. Net 2005 then then achieving your requirements is a piece of cake.

In such a scenario when you want to show different views based on the type of the user, it's a good idea to create the role and then grant access to the resources based on the roles. This can be done easily using Visual Studio.Net.

If your answer is Yes about about visual studio then follow the following steps:

Got to "Web Site" menu and then select ASP.Net Configuration and then go the the security tab. Select the wizard and then you can do whatever you want.
0
 
chinu1310Commented:
Did you try that ?
0
 
dotnet0824Author Commented:
Sorry..We are only using visual studio.net 2003. So the bottom line is only storing these values in database right!!!!
0
 
chinu1310Commented:
Yes. As I said on my first post. You store these values in database and fetch them at login time and than provide access according to the user level.
0
 
anyoneisCommented:
VS2003 it is! :-) You must store them somewhere. The Web.Config file would work also. You could create an appSettings element under the configuration element in Web.config, and put the information there, as in:

<appSettings>
     <add key="John" value = "Administrator"/>
     <add key="Joe" value = "Normal"/>
     <add key="Albert" value = "Normal"/>
</appSettings>

The downside to this approach is that there is no way to specify multiple roles per user - you have to arrange your roles in a hierarchical manner.

David
0

Featured Post

Concerto's Cloud Advisory Services

Want to avoid the missteps to gaining all the benefits of the cloud? Learn more about the different assessment options from our Cloud Advisory team.

  • 3
  • 2
  • 2
  • +1
Tackle projects and never again get stuck behind a technical roadblock.
Join Now