What is the best way to manage users and roles in a 3 tier architecture web application?

Posted on 2011-10-07
Last Modified: 2012-05-12
I have an application that I am working on that has a 3 tier architecture. I have two derived classes from my basic user class (administrator and internal user). I am using polymorphism with these classes to give the users similar control with some minor differences of course. Basically based on the type of user, I load a different nav menu.

On each page that pertains to an administrator, I instantiate the administrator class and hold all of the objects that the admin will use inside of this class. I carry this class around in a session object to hold the data as they go along in the site. I do the same thing for the regular user.

The problem I am running into is when both users need to use the same page. I know that I can do an object type check, but this doesn't solve my problem because I declare the user type object in the class itself as opposed to within a page_load method. Is there a way around this or should I just redo how I have the objects built? Any help would be greatly appreciated.
Question by:bschave2

    Accepted Solution

    Unless you have requirements that need to keep that information in session it seems like you're having the application code work much harder than it needs to. If your polymorphism solution is only used for handling permissions then there is a built-in (and I consider easier) way. Even if your solution is used for more than just navigation, you can use what I'm proposing below and still keep the majority of your solution to handle the "other" stuff.

    Using the Membership provider you can control what areas of the site a user can get to based upon the roles they are in. You get this with basically zero supporting code that you have to write yourself; all you have to do is install the Membership and Roles tables in your application.

    After the installation you can...
    1. Use the SiteMap Web Control to automagically handle the navigation you want each role to see.
    2. Include a web.config file in each physical area you want to control access to.
    3. Use the User.IsInRole(role_name) method in the page to check if the user has the necessary roles and proceed accordingly

    The easiest and best way to do this is using the tool that comes with the .NET Framework... here's the link so you can figure out which settings combination best fits your need.

    Make sure the page version of the link above matches the version of the .NET Framework that you're using.

    Here's a tip, however... since I see you're using Oracle, you're going to want to install an appropriate version of the ODP.NET tools for 11i (and beyond). They include the necessary scripts for seamless (and painless) Oracle integration. Hopefully you're already using this tool; if so you'll find them at the following local location:
    {your Oracle Home}\product\11.2.0\client_1\ASP.NET\SQL

    I hope this helps!
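
The three steps in the answer above, shown together as one root web.config. This is an added example, not part of the original answer; the role names (Administrator, InternalUser), the folder names (Admin, Shared), the provider name TrimmedSiteMap and Login.aspx are assumptions.

```xml
<?xml version="1.0"?>
<!-- Root web.config. Role names, folder names and Login.aspx are assumptions. -->
<configuration>
  <system.web>
    <authentication mode="Forms">
      <forms loginUrl="~/Login.aspx" />
    </authentication>

    <!-- Membership/role provider registration is omitted; it depends on your data store. -->
    <roleManager enabled="true" />

    <!-- Step 1: with security trimming on, SiteMap-bound menus only show
         nodes the current user is authorized to request. -->
    <siteMap defaultProvider="TrimmedSiteMap" enabled="true">
      <providers>
        <add name="TrimmedSiteMap"
             type="System.Web.XmlSiteMapProvider"
             siteMapFile="Web.sitemap"
             securityTrimmingEnabled="true" />
      </providers>
    </siteMap>

    <!-- Site default: no anonymous access. -->
    <authorization>
      <deny users="?" />
    </authorization>
  </system.web>

  <!-- Step 2: rules are evaluated top-down and the first match wins, so each
       area ends with deny-all. Equivalent to a web.config in each folder. -->
  <location path="Admin">
    <system.web>
      <authorization>
        <allow roles="Administrator" />
        <deny users="*" />
      </authorization>
    </system.web>
  </location>

  <!-- Pages both user types need: allow both roles here, then call
       User.IsInRole("Administrator") in the page for admin-only parts (step 3). -->
  <location path="Shared">
    <system.web>
      <authorization>
        <allow roles="Administrator,InternalUser" />
        <deny users="*" />
      </authorization>
    </system.web>
  </location>
</configuration>
```

The trimmed menu only controls what is displayed; the authorization rules are what actually block a request for a URL the user typed in directly.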
