• Status: Solved

What is the best way to manage users and roles in a 3 tier architecture web application?

I have an application that I am working on that has a 3 tier architecture. I have two derived classes from my basic user class (administrator and internal user). I am using polymorphism with these classes to give the users similar control with some minor differences of course. Basically based on the type of user, I load a different nav menu.

On each page that pertains to an administrator, I instantiate the administrator class and hold all of the objects that the admin will use inside of this class. I carry this class around in a session object to hold the data as they go along in the site. I do the same thing for the regular user.

The problem I am running into is when both users need to use the same page. I know that I can do an object type check, but this doesn't solve my problem because I declare the user type object in the class itself as opposed to within a page_load method. Is there a way around this or should I just redo how I have the objects built? Any help would be greatly appreciated.
1 Solution
Kelvin McDaniel, Sr. Developer/Consultant, commented:
Unless you have requirements that need to keep that information in session it seems like you're having the application code work much harder than it needs to. If your polymorphism solution is only used for handling permissions then there is a built-in (and I consider easier) way. Even if your solution is used for more than just navigation, you can use what I'm proposing below and still keep the majority of your solution to handle the "other" stuff.

Using the Membership provider you can control what areas of the site a user can get to based upon the roles they are in. You get this with basically zero supporting code that you have to write yourself; all you have to do is install the Membership and Roles tables in your application.

After the installation you can...
1. Use the SiteMap Web Control to automagically handle the navigation you want each role to see.
2. Include a web.config file in each physical area you want to control access to.
3. Use the User.IsInRole(role_name) method in the page to check if the user has the necessary roles and proceed accordingly

The easiest and best way to do this is using the tool that comes with the .NET Framework... here's the link so you can figure out which settings combination best fits your need. http://msdn.microsoft.com/en-us/library/x28wfk74.aspx

Make sure the page version of the link above matches the version of the .NET Framework that you're using.

Here's a tip, however... since I see you're using Oracle, you're going to want to install an appropriate version of the ODP.NET tools for 11i (and beyond). They include the necessary scripts for seamless (and painless) Oracle integration. Hopefully you're already using this tool; if so you'll find them at the following local location:
{your Oracle Home}\product\11.2.0\client_1\ASP.NET\SQL

I hope this helps!
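
An added example, not part of the answer above: a Web Forms code-behind for a page shared by both user types, combining the per-folder web.config rule (step 2) with User.IsInRole checks (step 3) so the role is enforced on the server rather than only by the menu. The role names, class name, panel controls and click handler are assumptions, and Forms authentication is assumed.

```csharp
using System;
using System.Web;
using System.Web.Security;
using System.Web.UI;
using System.Web.UI.WebControls;

// Assumed web.config in this page's folder (step 2); it admits both roles
// and denies everyone else before the page code runs:
//   <system.web><authorization>
//     <allow roles="Administrator,InternalUser" />
//     <deny users="*" />
//   </authorization></system.web>
public partial class SharedReport : Page   // hypothetical page name
{
    // Hypothetical role names; use the ones created in your Roles tables.
    private const string AdminRole = "Administrator";
    private const string InternalRole = "InternalUser";

    // Hypothetical <asp:Panel> controls declared in SharedReport.aspx.
    protected Panel AdminPanel;
    protected Panel UserPanel;

    protected void Page_Load(object sender, EventArgs e)
    {
        if (!User.Identity.IsAuthenticated)
        {
            // Assumes Forms authentication is configured.
            FormsAuthentication.RedirectToLoginPage();
            return;
        }

        bool isAdmin = User.IsInRole(AdminRole);
        bool isInternal = User.IsInRole(InternalRole);

        // Defence in depth: fail closed even if the web.config rule is missing.
        if (!isAdmin && !isInternal)
            throw new HttpException(403, "Forbidden");

        // A panel with Visible = false is not rendered, so admin-only
        // markup never reaches an internal user's browser.
        AdminPanel.Visible = isAdmin;
        UserPanel.Visible = isInternal;
    }

    // Hypothetical admin-only action: re-check the role on the postback,
    // because a hidden button does not stop a forged request.
    protected void DeleteRecord_Click(object sender, EventArgs e)
    {
        if (!User.IsInRole(AdminRole))
            throw new HttpException(403, "Forbidden");
        // ... admin-only work goes here ...
    }
}
```

The role is read from the authenticated principal on every request, so no user-type object has to be carried in session to decide what the page may do.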
