We help IT Professionals succeed at work.

Programatically manage .net authorization rules

dbyra
dbyra asked
on
931 Views
Last Modified: 2012-05-07
Hi,
I'm building a management/reporting web project in c#, asp.net 3.5 and I'm using the .net membership and roles framework to manage the users of this web site.
In the site there will be an admin section where administrators can manage all users and roles for the application. I also want to have a section that allows administrators to manage the authorization rules for the application, much like the WSAT only this would be in the production environment.
Firstly, is there any way to implement authorization rules without adding <authorization> nodes to the web.config file???
I've looked at the 4guysfromrolla article on how to roll your own WSAT
http://aspnet.4guysfromrolla.com/articles/053007-1.aspx
but I'm not sure that I want to be editing the web.config file on the fly in a production environment.
Would I be better off storing my own authorization rules in a DB and implementing them at Application_OnPostAuthenticateRequest ??
I haven't found a lot of information on managing authorization rules in a production environment....hopefully someone can point me in the right direction!
Comment
Watch Question

Senior Consultant - Deloitte
CERTIFIED EXPERT
Commented:
Unlock this solution and get a sample of our free trial.
(No credit card required)
UNLOCK SOLUTION
Commented:
Unlock this solution and get a sample of our free trial.
(No credit card required)
UNLOCK SOLUTION

Commented:
Forgot to tell you;

you can use the UserAuthorized function like that:

If you put the AuthAcID values as constant values or variable values in your application:
cmdUpdateOrders.Enabled = UserAuthorized (Session("userID"), CONST_UpdateOrders)

Or you can declare the same variable in every function:
Private void CmdUpdateOrders_Click (......)
{
int lintFunctionID = 13;
cmdUpdateOrders.Enabled = UserAuthorized (Session("userID"), lintFunctionID)
...
}
and paste the 2 lines in every function, and only change the function id value according to the action values in db.
Unlock the solution to this question.
Thanks for using Experts Exchange.

Please provide your email to receive a sample view!

*This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

OR

Please enter a first name

Please enter a last name

8+ characters (letters, numbers, and a symbol)

By clicking, you agree to the Terms of Use and Privacy Policy.