Security :: Access Control List - Best Practice / Advice

Jan 14, 2010

I have been investigating the best way that I can secure my MVC application and restrict specific functionality from users. My first approach was using role management. I thought of expanding the membership database by writing an interface that would allow me to create groups of functionality i.e. 'manage customer' and then another table would hold 'activity' information for that group i.e. 'create', 'edit', 'transfer', etc. I would then create another table to link groups of functionality to specific roles and then assign my users to the roles. At first this seemed ok but I soon realised that I was missing a level of granularity. Not every user who is assigned to a specific role should have access to all of the functionality for a given group attached to a role, damn! I then thought that I could create another linking table that would hold 'access exceptions' i.e. this table would contain entries of a userid and activity id that a specific user was excluded from.

Does this approach make any sense? Is the creation of databases tables and an interface the best approach to this?

View 1 Replies


Similar Messages:

Discretionary Access Control List (DACL) For .Net Security?

Jun 21, 2010

I am interested in using a Discretionary Access Control List with Membership provided by .Net Security.

Are there any implementations of this that exist in .Net or open source?

Is there a way to use .Net security as a DACL?

View 1 Replies

Security :: Session Management Best Practice Without Membership Control?

Apr 14, 2010

I need help regarding best practice for asp.net session management without using membership. I have designed a login page which has two text boxes and a Login button. Again, I need a best practice which authenticates the user and saves user information in session. So in the main page after login I want to check whether the session has expired or not. I need a complete example. Furthermore, I am using ASP.NET 3.5.

View 5 Replies

Custom Server Controls :: Looking For Pointers/advice For Creating This Control?

Jan 18, 2011

Within an existing ASP.NET page I've created the following layout, which is a tabbed header and content area. When the tabs are clicked (using JQuery) I show the relevant content, and hide all the other content for that respective tab, like so...

I'd like to expand this functionality to make it into a User Control, so that I could re-use the code more easily. Once the control is created, I'd like to be able to use it like this:[Code]....

where I can start learning how to do this, or offer direct help on the code? I've read many tutorials for creating controls using existing controls (e.g. custom labels etc) but they are all too simple. With the above, do I need to create a ContentArea control first, then work onto the TabbedControl? How do I get ASP.NET to render out the contents of my ContentArea (including ASP.NET controls that are contained within it)?

View 4 Replies

Security :: What The Best Practice For Next Scenario

Apr 27, 2010

1) All users can browse open web site content.

2) To access the members area, users must log in.

3) Users can create, edit/update, delete their own profile/information only.

4) Users can see / view other users' profiles.

5) Admin can browse, create, edit/update, delete any profiles.

I found many different ways to implement it, but what is the best practice? Maybe you can point me in the right direction.

Application Web based, MsSQL 2005, .NET 3.5, Server 2003.

View 1 Replies

C# - Good Practice To Perform Direct Database Access In The Code-behind Of Webpage?

Jun 7, 2010

I am an experienced developer but I am new to web application development. Now I am in charge of developing a new web application and I could really use some input from experienced web developers out there.

I'd like to understand exactly what experienced web developers do in the code-behind pages. At first I thought it was best to have a rule that all the database access and business logic should be performed in classes external to the code-behind pages. My thought was that only logic necessary for the web form would be performed in the code-behind. I still think that all the business logic should be performed in other classes but I'm beginning to think it would be alright if the code-behind had access to the database to query it directly rather than having to call other classes to receive a dataset or collection back.

View 2 Replies

Javascript - Security Practice For Web Based Systems?

Nov 17, 2010

My system is an asp.net website which uses sql server 2008 (mostly stored procedures, but for asynchronous calls I directly insert the sql commands). I have a web service which polls multiple databases, I use external libraries (including office interop), and allow for uploading and downloading files - without restriction.

My asp pages use javascript and jquery for most of their functionality.

View 1 Replies

Security :: Best Practice For Storing Users Data In Signup Form?

May 21, 2010

Just wanted to know what is the best practice for storing new fields data when a user signs up?

Also...

1- Is there a way to make the login controls use the same database as my website database?

2- Is it okay to use the Membership and Role API to manage users from a user interface (without the ASP.NET Web configuration tool)?

View 9 Replies

Login Restriction With Ldap But Where To Store The Functional Rights/access Control List

Mar 28, 2010

Question is:

LDAP authentication required. Internal users automatically authenticated, external users require login.
Where do I store complex access control rights?

In the AD/LDAP or in the Application itself (asp.membership db).

Looking to build this in asp.net mvc 2 and using membership features, so best practice here I guess is that we roll our own custom provider to accomplish this...

View 1 Replies

Forms Data Controls :: Access Radio Button List Selected Value From Repeater Control?

Dec 29, 2010

I have a user control (this has a label to display question and a radio button list to show options).

I am using this user control inside a repeater to display all the questions with their options.

In my repeater page I am not able to capture SelectedValue of radio button list.

protected void Repeater1_ItemDataBound(object sender, RepeaterItemEventArgs e)

View 4 Replies

Looking For Authentication Advice For .NET MVC 3 Application

Nov 2, 2010

I have a web application that will be used by the public. This application has a login credentials requirement.

I don't want to create yet another site that you have to create a custom username/password combination unless you really want to. I would like to support 3rd party logins like Facebook, Twitter, etc...

In the end this website could run in the Azure cloud as well so I am open to anything special to that.

One thing to note is the Microsoft Membership Provider that is part of ASP.NET is a great way to have custom login/passwords with a nice integration into MVC code. What I would love is that Provider opened up to allow 3rd party logins.

View 1 Replies

Security :: Create Login Control With DropDown List For Username?

Feb 18, 2011

I have an ASP.Net application that uses the Membership Login Control. The thing is, we wanted to avoid giving our members more than they need to worry about, so we didn't want to have to make each a custom username. So the thing is, I want to make the Login Control display a DropDown List populated with a list of usernames as opposed to a text box.

View 7 Replies

Multi-select Control (best Practice)?

Jul 22, 2010

I wrote a schedule app -- in asp.net 3.5 -- used where I work to do all the scheduling, and it actually turned out quite nice. The issue is, you can only schedule one employee at a time. Each job is one row in a database and equals one employee. We have a lot of jobs that involve multiple employees, so it would be much easier to create one entry that schedules 3 employees for the same job. I've looked at a lot of multi-select dropdowns and combo boxes. Here is what I would like some advice on.

If multi-select selects employee numbers 2202, 2403, and 3610... what is the best way to get that into the database? I'm thinking 2202, 2403, and 3610 get put into an array, and use a loop to add each entry into the database. The database stays the same, and when this gets posted, there are three new entries in the database, one for each of the employees. Am I thinking right or can maybe someone that has done this offer some insight to something that would work better?

View 5 Replies

SQL Server :: Database With Pics Advice?

Jan 22, 2011

Am building an app in VB.NET | ASP.NET 4 | SQL 2008 R2. I am building a site that will potentially have up to 15,000 pics for now. More added each week. Would it be best to insert those pics (from a few kb to 2.5 Mb per pic) into the database or have them in a directory with links to those pics in the database? The site will have pages of pics which the user can browse or click on, taking them to another page with info. Basically like a photo album.

View 6 Replies

Security :: Access The Submit Button In Passwordrecovery Control?

Nov 17, 2010

I am using passwordrecovery control.

After entering the username and pressing the Enter key (from the keyboard) it was not firing the submitbutton_click event. So I have added the defaultbutton property in the panel control, and it is working fine. And my problem here is...

Clicking on the submit button shows the security question. After answering the security question, I have to click on the submit button either by mouse click or tab enter.

What I need to do is... after answering the security question, I should be able to hit the Enter key instead of mouse clicking on the submit button.

View 3 Replies

Security :: Lost Access To Control Members And Roles?

Aug 8, 2010

I am working on an application that resides on a development server on our internal network. The application was originally written to use Membership and Roles. We got busy almost a year ago before the app was finished, and now we are trying to get it ready to use internally.

The login page works just fine, but I have lost the ability to control users and roles. I am running Visual Studio 2010 Professional now on a Windows 7 VM. I can open the application fine but there is no Web Administration Tool available for me to manage users or roles. If I go to Website -> in Visual Studio, there is no option for ASP.NET Configuration in the drop down menu. It simply isn't there.

How can I regain access to manage users and roles for this application? We are using Forms authentication and the database resides on a SQL Server 2005 instance on a separate box from the web server and my local VM.

View 6 Replies

JQuery :: Sending Data To The Client ( Advice )?

Nov 2, 2010

Currently, I am exploring options for sending data to the client. What I am hoping for is suggestions, or a pros and cons feedback.

What I am wanting to do is query the database then send this data to a web service ( or maybe wcf ). Once there, jquery ( or another JS library ) will utilize this data to fill a grid/tree/form depending. This all seems very very basic, but what concerns me is the amount of data that can be sent. I have seen some grids that have 16K records...and what worries me is that would be WAY too much data to send.

I was just wondering how these things are handled. My current thoughts are to do an 'onDemand' loading, but my inexperience has me second guessing. Also, I know this isn't directly related to jquery, but I notice there are a lot more examples with wcf rather than webmethod/web services. Is wcf better for these types of things?

View 5 Replies

Security :: What's The Best Method To Control Access To Documents And Jpgs At Runtime

Oct 28, 2010

I want to be able to control access to photos and PDF documents at run time.

I want users to be able to download the photos and documents as soon as they pay for them instead of having to wait for me to email the items to them.

What's the best way to do this? I am using VB.net, SQL Server, and ASP.net.

I am entry level to lower-middle in my programming skills, but can usually follow along.

View 3 Replies

Web Forms Best Practice To Retrieve Dynamic Server Control Values?

May 24, 2010

I populate a web form with a dynamic list of exams from the database. I want the user to enter examination marks for each exam. There is a list of exam titles and a textbox near each title. I create the list with a repeater control (ViewState is disabled).

class Exam
{
public int Id { get; set;}
public string Title { get; set;}
}
...
// this list is retrieved from database actually
Exam[] Exams = new Exam[]
{
new Exam { Id = 1, Title = "Math"},
new Exam { Id = 2, Title = "History"}
[code]...

View 1 Replies

Custom Server Controls :: Composite User Web Control - Properties - Best Practice

Jan 12, 2011

I would like to ask you what is the best practice for developing a composite user web control with multiple controls inside, from the standpoint of dealing with properties. In my situation I would like to use a header menu bar with logos, buttons, java based visible/hidden menus etc. as a web control. I was successful in implementing the new control in my project.

But my question goes to the issue of properties for ALL OF the controls. I know how to hard code all required properties like: text, visible, enable for all controls. It's a lot of work. (This is the very edge of my asp.net comprehension.) Is there a more elegant way to provide access to the controls' properties without hard coding separately?

View 12 Replies

Iis6 - Application With Windows Authentication And Custom Membership Provider Advice

Feb 15, 2011

I've been asked to upgrade a few applications and I'm planning on merging all of them into one asp.net application. I'm fine with this decision and have spoken with fellow workers and they also think it's the best option to go with.

The application will be accessed from a small group of users which belong to a larger domain. I'm currently planning on using Windows authentication and only allow this small set of users to access the asp.net application. Also there must be some role management, so that only certain users can view certain functionality.

I really don't want to have many different windows groups; so I want to avoid having to assign different windows groups to different folders and control permissions in the web.config.

What I'd like to do is:

- Assign one windows group to the small group of users who will access the page.

- Create a custom membership provider and control the user who accesses the application. Depending on the user I will then assign his current set of roles.

- Add an application setting to the web.config, with the name of the current administrator, so if he logs in, he will be assigned all roles, and will be able to create and assign roles to other users.

View 1 Replies

Security :: Practice To Maintain A Separate User Table And Add Fields To The Aspnet_Users Table?

Apr 14, 2010

If I am going to use the asp.net membership and roles, the asp.net database includes an aspnet_Users table that has the userid and email address. If I have custom fields, is it best practice to maintain a separate user table and link on user id or to add fields to the aspnet_Users table?

View 1 Replies

Security :: Grab A Users/roles List / How To Implement A User's List Into Website

Sep 16, 2010

Just wondering how to implement a user's list into a website? I'm using ASP.NET C#. I want to be able to:

- add/delete users
- add/remove roles

View 2 Replies

Security :: Automatically Assigning Roles / Standard Practice For Assigning Roles To Newly Signed-on members?

May 17, 2010

Newb question: what is the standard practice for assigning roles to newly signed-on members. Is it usually manual or is there a way of automatically assigning roles. Being completely new to this, I am confronted by the issue of my site having three different roles that new members could fall into, but am unsure about how to assign each a role. I can't imagine having to go through the process manually if I have thousands of members.

View 6 Replies

Security :: Dotnetzip < Access To The Path Is Access Denied

Oct 5, 2010

I am trying dotnetzip. On localhost everything works fine, but on a real dotnet hosting it raises an error:

Access to the path 'C:inetpubvhostslahblah.comsubdomains
aporhttpdocsDotNetZip-luqevaxu.tmp' is denied.
using (ZipFile zip = new ZipFile(Server.MapPath("~")+"/a.zip"))
{
zip.AddFile(Server.MapPath("~")+"/deneme.txt");
zip.Save();
}

View 1 Replies






