kdunnett


Page/control level security, application defined

All,

I'm building an intranet web app with ASP.NET, C#, .NET 2.0, etc., and we have an internal security scheme (user 'abc' is a director, and a director can access any page/control that a director should within the application). There could be a hierarchy of security access (i.e. no access, read only, write/read, etc.), but it is not yet decided on. I would like to keep it pretty basic.

What are the best practices of building something like this?

I did some googling, and am getting nothing close to what I'm after.

Kris
RDdice

Do you plan on using Windows Authentication or using your own database solution? ASP.NET 2.0+ has built-in membership handlers for most of the work you are looking for.

A good resource on how to use these is a book called Professional ASP.NET 2.0; it's red and yellow, from Wrox.
kdunnett

ASKER

I'm planning on using Windows authentication initially at least, but after that, it'll be my own DB solution.

My hope is that there will be basic rights to modules (read, write, etc.), then there will be groups (a 'director' group has read to mod1, write to mod2 and mod3, no access to mod4). The groups will be predefined selections to aid the administrator. So, in the above example, when the user logs on, they will only see URLs to three modules, and be able to edit in two of them.

I do have that book; it's stuck at a coworker's place right now. I'll get him to bring it in.

Do you have any examples/tutorials that I can look at now?
ASKER CERTIFIED SOLUTION
RDdice
You can also use role management without using Windows authentication. You can set it up in the web.config. You can also create folder-level role management with web.config files in each subfolder.

Here is a link that may help.

http://weblogs.asp.net/scottgu/archive/2006/07/12/Recipe_3A00_-Enabling-Windows-Authentication-within-an-Intranet-ASP.NET-Web-application.aspx
Thanks!  It worked... sorry for the lateness of responding.
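
As an added illustration of the web.config role setup RDdice describes (not code from the thread): a root web.config for the Windows-authentication case, using the asker's mod1 to mod4 folders. The group name `EXAMPLE\Directors` and the `EXAMPLE\Mod4Users` group are placeholder assumptions, as is the one-folder-per-module layout.

```xml
<?xml version="1.0"?>
<!-- Root web.config. Assumed layout: each module is a subfolder (mod1 ... mod4). -->
<configuration>
  <system.web>
    <!-- Intranet case: IIS authenticates the user, ASP.NET receives the Windows identity. -->
    <authentication mode="Windows" />

    <!-- Role manager backed by Windows groups, so roles are written DOMAIN\Group.
         AspNetWindowsTokenRoleProvider is the provider registered in machine.config. -->
    <roleManager enabled="true" defaultProvider="AspNetWindowsTokenRoleProvider" />

    <!-- Site-wide baseline: reject anonymous requests. -->
    <authorization>
      <deny users="?" />
    </authorization>
  </system.web>

  <!-- Folder-level rules. Rules are evaluated top to bottom and the first match wins,
       so the allow must come before the deny. Without the final deny users="*",
       the inherited default (allow everyone) would let any authenticated user in. -->
  <location path="mod1">
    <system.web>
      <authorization>
        <allow roles="EXAMPLE\Directors" /> <!-- placeholder group name -->
        <deny users="*" />
      </authorization>
    </system.web>
  </location>

  <!-- mod2 and mod3 repeat the mod1 block with their own path attribute. -->

  <!-- mod4: directors are not listed, so they fall through to the deny. -->
  <location path="mod4">
    <system.web>
      <authorization>
        <allow roles="EXAMPLE\Mod4Users" /> <!-- hypothetical group for this module -->
        <deny users="*" />
      </authorization>
    </system.web>
  </location>
</configuration>
```

Placing the same `<authorization>` element in a web.config inside the subfolder has the same effect as the `<location>` entry. URL authorization only decides whether a page can be requested; the read versus write distinction from the question still needs a check in page code, for example with `User.IsInRole`.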