Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

Dynamic Roles in ASP.NET 2.0

Posted on 2011-03-01
5
Medium Priority
?
541 Views
Last Modified: 2012-05-11
Greeting Experts,

We have a website written in ASP.NET 2.0 with numerous users. Each user’s access to various pages is controlled through the standard framework Roles. Specifically, the roles are stored in the aspnet_Roles table and the access is specified through the Web.config file using the ‘authorization / allow roles’ tag.

Example of roles include: “StandardUser” and “ManagerUser”

This works great! However, the data in the system has been divided into accounts and we now have a need to grant users different Roles (permissions) depending on which account they are in. For example User1 might be a “ManagerUser” in Account1 but a “StandardUser” in Account2. As the user switch between the two accounts, we need the Roles to switch accordingly, e.g. the management page should not be accessible while user is in Account2.

Note: Requiring the user to login with different names depending on the account is not an option.

What’s the best practice approach for handing this?

Thanks,

Karsten
0
Comment
Question by:karstenweber
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
5 Comments
 
LVL 5

Expert Comment

by:Kelmen
ID: 35014770
the role is by user
now you need something by is by the data/object/item level, let's call this X

come up a term for the X, maybe like data-access-scheme
everytime items are by default non-accessible, admin need to explicit define what the user/role can do on specific type of data (Account1, Account2)
- CRUD permissions

you would best define a proper term/scheme-level/data-attributes (let's term this as Q) for these Account1, Account2
maybe like "general-data", "finanicial-sensitive-data" etc
you either fix/hardcode the Q pertain to the data in your code, or come up another engine to allow configuration
0
 

Author Comment

by:karstenweber
ID: 35018918
Thanks for the feedback. I understand that Roles are by user. I also understand that i'll need a way to specify the exact permissions for each user for each account.

My Question is what would be a best practice approach for implementing these dynamic roles? I'm hoping for suggestions on how I can leverage as much of the existing framework as possible. Is there a way to derive existing classes to achieve this? I want this to be a non-hack solution.
0
 

Accepted Solution

by:
karstenweber earned 0 total points
ID: 35028511
I believe I have it figured out.  

One option is to create a custom RoleProvider to replace the default SQLRoleProvider and then implement all the required sub / functions. This approach does not levarage the existing aspnet_Roles and requires significant amounts of code to be written from scratch.

A second option is to switch to just two roles: "BasicUser" and "AdminUser". In addition a new table is created with contains Account specific roles (permissions). This table is independent of the aspnet_Roles table. A new AccountRoles class would have methods similar to the existing Roles class, but would take the extra AccountId as a parameter.

See the Adam York blog describing "Extending functionality of the Membership Role Provider using simple techniques":

http://www.adamyork.com/post/2009/12/31/Extending-functionality-of-the-Membership-Role-Provider-using-some-simple-techniques.aspx
0
 

Author Closing Comment

by:karstenweber
ID: 35067756
I'll update this answer if I find a better appproach while working on this area.
0
 

Author Comment

by:karstenweber
ID: 35099274
FYI: I ended up writing a custom RoleProvider to replace the default SQLRoleProvider. Even thought this required significantly more code to be written it is much more flexible and allows us to do what we want today and in the future.
0

Featured Post

Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I recently went through the process of creating a Calendar Control of events with the basis of using a database to keep track of the dates that are selectable, one requirement was to have the selected date pop-up in a simple lightbox.  At first this…
Today is the age of broadband.  More and more people are going this route determined to experience the web and it’s multitude of services as quickly and painlessly as possible. Coupled with the move to broadband, people are experiencing the web via …
This is my first video review of Microsoft Bookings, I will be doing a part two with a bit more information, but wanted to get this out to you folks.
In response to a need for security and privacy, and to continue fostering an environment members can turn to for support, solutions, and education, Experts Exchange has created anonymous question capabilities. This new feature is available to our Pr…

670 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question