I need to implement field level security based on the roles. I have a page Employee.aspx . In that i have ten controls. If i am enter as admin role i need to show all the controls. If i am enter as user have to show only five controls. How to design the appplication for control level security?
View 5 Replies[ASP.NET 3.5, FormsAuthentication, SQL Server]
In the Roles table there is Role, and RoleType.
I have 3different roles, 2 of which have sub-roles.
Example
Role----------------------Type
Adminstrator
Subscriber---Basic
Subscriber---Business
I need to implement Code Access Security, and URL based security using the roles & types...
For instance, the (Subscriber/Basic) would need to view a different set of pages, and have different access to things then a (Subscriber/Business).
I think I can handle the Code Access security with a custom attribute, but I am unsure to how enforce a User be apart of 2 roles in the URL Authorization.
I am currently using the web.config to deny/allow access to the directories/pages.
e.g.
/Areas/Admin/web.config
[Code]....
Is it possible to force the user to be apart of 2 roles with this technique?
I have an live website and I need to enable roles and add it to a folder. What's the best way to go about it? Do I add code to web.config? Do I add code to individual pages? Do I use the membership provider service with V W D and recopy the website?
View 7 RepliesI'm trying to redirect users upon login based on their roles which were defined in the Administer website feature of asp.net.Heres what I'm trying protected void Login1_LoggedIn(object sender, EventArgs e)
View 2 RepliesI tried googling this and have had no luck. I would like to implement membership roles without any reference to email accounts or smtp. Does anyone have information on this topic?
View 4 RepliesI have a website where users can login and they have different roles/privileges. I want to have it where the user's view of the webpage is determined by their role. Right now I am storing the role in the UserData property of the FormsAuthenticationTicket class (which is retrieved from a database during login). When the main page is loading, I want it to check the user's role and then only show the controls/portions of the page that are for that role. For example, if the user is not an administrator, they shouldn't be able to click on a button to delete a record. At the moment I am using labels to hide or show areas depending on the user's role. Something like this:
[Code]....
[Code]....
And here is a portion of the markup code with the Labels:
[Code]....
This works, but doesn't seem to be a very good way to handle this type of thing. Is there a cleaner, more elegant way of doing this? Something similar to the LoginView control, but which I can use for roles?
I have implemented membership and enable role based on. I have 2 roles "admin" and "super_admin" and once the user login, I want to redirect them to different folder based on their role. My guess is, the redirection need to be determined once the user clicked login on the login control and here is my code.
[Code]....
However, whenever the user login (regardless of admin or super_admin) the page keeps redirection to Anyone/Default.aspx.
I'm using the built-in membership controls and classes to manage authorization and authentication in my app. Here's what I want to do: If the user is in "Manager" role, I want to send him/her to the manager page no matter where he/she came from. If the user is in "Supervisor" role, I want to send him/her to supervisor page no matter where he/she came from. However, if the user is not in any role, just a registered member, I want to send him/her back to where he/she came from as stated in ReturnUrl. If no, ReturnUrl is specified, I will send him/her to the home page.
On my login page, I'm using the Login server control but in my code behind, there's no method wired to the control because the control takes care of everything. I assume I need to add a method and wire it to the submit button, is that right? If so, I'll have to really handle the login event which means I'll need more info about how to do that.
I have been using the following tutorial and had to convert the code to C# for my project, now i cant get the code to work, im getting red line under the word "in" in the UpdateRolesFromList,
i tried to add a datasource on page load for the checkboxlist like so RoleList.DataSource = PopulateRoleList(User.Identity.Name.ToString());and gives me error saying cannot implictly convert type 'void' to 'object'
[URL]What am i missing, that when i load the page or even do a search it never displays the checkbox list as it shows in the tutorial?
[Code]....
Is there a tutorial on how to redirect user to a specific web page based on his/her role? For example, I have teacher role and student role. When the teachers login, it will redirect the teacher to the teacher web page and the students redirected to the student web page.
View 1 Repliesi am working in asp.net and csharp, we have 10 user, but certain user only need to put dataentry. how to enable and disable based on the user to access certain form ,like add, modify view options.
View 1 RepliesI am using Formsauthentication. My situation is as per below:
the login form has codebehind :
protected void LoginButton_Click(object sender, EventArgs e)
{
TextBox uname = Login1.FindControl("UserName") as TextBox;
TextBox pass = Login1.FindControl("Password") as TextBox;
CheckBox rm = Login1.FindControl("RememberMe") as CheckBox;
Literal fail = Login1.FindControl("Literal1") as Literal;
if (Membership.ValidateUser(uname.Text, pass.Text))
[Code].....
Now the problem is that when I try to login with proper credentials it first redirects to default.aspx( there is no such page in my project), after login again with same credentials it properly redirects to the correct page. Why such problem arises? to fix this?
<siteMapNode roles="*"> <siteMapNode url="~/Default.aspx" title=" Main" description="Main" roles="*"/> <siteMapNode url="~/Items.aspx" title=" Adv" description="Adv" roles="Administrator"/>....
any user can see Adv page. That is a trouble and a qustion : why and how to hide out of role sitenodes.
little addition : <siteMapNode roles="*"> appears to all nodes If I don't do roles="*" on main node, all users can't see Main node ... And I SiteMapDataSource works only if there 1 node
As mentioned in subject line I'm not able to configure role based website in IIS7. Please find details below.
Environment Details:-
.Net Framework: 3.5
Server: Windows 2008
Webserver: IIS7
Database: SQL Server 2008
Authentication Type: Form Based
Roles/Membership Provider: User defnied.
Problem:-
After setuped my website in iis7 while trying to Login in web page even I entered correct password it says Incorrect password in Login control.After long googling I suspecty that we need to add "Provider to trusted provider" to Authorized provider. I have gone http://www.iis.net/ConfigReference/system.webServer/management/trustedProviders/add but didn't works for me.
Can you anyone please help me in this.
How to implement role based security in each page.
View 2 RepliesOur solutions requires validating users against a custom database. This also includes roles which dictates what he user can do in the system. What is the best way to implement implement security, is it to use Windows Identity Foundation or the default Membership Provider and Role Provider that comes with .net?
View 2 RepliesJust wondering how to implement a user's list into website ? im using ASP.NET C#. I want to be able to:
add/delete usersadd/remove roles
I create custom principal for implement logic for users. In identity I store Id, Name. But it abnormally - this classes must use for authenticate and authorize.
I can implement custom MembershipUser, custom Roles and Membership provider.
How to do it? What best practices are?
how to implement page level and control level security in MVC applications. Also I would like to know the definition for Page Level and Control Level Security in MVC. Please refer me if any third party tools avilable to implement security in MVC.
View 1 RepliesI have two websites (one asp classic and the other asp.net) which we would like to implement some kind of security based on the client's hardware. We want something other than a password which could be shared. The purpose is to be sure access to information on the websites is not shared.
We were contrmplating storing hardware info in our database and validating against that upun website entry.
I have been looking into ActiveX (it would be acceptable to limit our users to IE), although we do have users who would like to use I-Phones. I have done no ActiveX development myself but have found a few articles on the web about ActiveX but that whole approach looks complicated. And also there seems to be a 64bit issue making it even more difficult.
So, I wonder if anybody has any advice as to what the best options might be for securing the website access in a way that would prevent sharing?
I need to limit the access of web application based on the number of days!
For example the application should not work more than ten days, if our client has 10 day license limit,when the user try to access the application after ten days , it should give a message like "the demo period has expired"!!
I have a multi level application that I am developing and need to block multiple rows from being joined. I know how to hide one role but I cannot figure out how to hide multiple.
Here is my current code
[Code]....
some link of some articles for learning N-tier architecture ....
View 5 Repliesi have my login fully working 100%Â but i when someone who is not an admin try to enter a web that is only for admins it crash
how can i make it to send a msgbox "admin only"(or something like that) Â instead of the crash of the web app ?
Newb question: what is the standard practice for assigning roles to newly signed-on members. Is it usually manual or is there a way of automatically assigning roles. Being completely new to this, I am confronted by the issue of my site having three different roles that new members could fall into, but am unsure about how to assign each a role. I can't imagine having to go through the process manually if I have thousands of members.
View 6 Replies