Security :: Role Base Security Using Scriptin Not In Database?
Mar 22, 2011
I want to implement role base access security on a script instead of database .
Using asp.net 2008
Considering various different user roles in scripting- role base access on same page. not in the database Different user should be able to see only particular information on the page, which is assign to him. This should be done on the bases of scripting not in the database.In short administrators and users contains should be on one page and they should be distinguish according to the role of administrator and user on same page.
Need to put validation and verification on the scripting page, not from the database.
My CLIENT REQUIREMENT IS :-
Defination of project
The goal of this project is to extend role-based access from data to scripts. The users are classified into different roles. A script will display different information according to the role of the user.
The main aim behind implementing this project is, as nowadays people try to access the code and try to break into the secure codes via cookies as well as link information along with domain names. So in order to prevent this if the role base access security is kept on a script instead of database then it might be possibly less chance of breaking this kind of security.
In making this kind of functionality we need to deal security of webpage with the help of script. So the whole idea is to identify the user and separate contains which are only accessible to the specific user. In order to research and implement this project, we need to have core understanding and knowledge of the scripting fundamental and how exactly the scripting is working on webpage.
So looking towards this project we are planning to deal with somehow role base access in scripting.
Nowadays you might have seen security has become a larger issue, moreover providing security on website is one of the major concerned in today's life. As the network of wired and wireless network has extended in very large volume, you can see unsecure internet access in many place and in this unsecure there might be possibility of hacking becomes very easy.
So in order to make this security tight or in order to make website more secure we are planning to build this project.
View 2 Replies
Similar Messages:
Apr 26, 2010
I have to implement User base security in my Web project using .Net3.5. Followings are some we need:
Roles can be Admin, Manage, Editor, Member etc User can have multiple roles Every roles has its own dynamic menus and restrictions/resources All menus and interface will populate dynamically from Database
I heard some where this kind of i.e user base security can be implemented using HashTable but I dont know how is it?
Today I came to know that for this kind of work Java people use Interceptor Design patterns. So, how could I do the same in asp.net C#?
View 2 Replies
Feb 8, 2010
I'm workng on a new, green-field ASP.Net application. We're implementing a base page which all pages will be, er, based on. The application will be running under Integrate Windows Auth, so I'll have the user's account details. With these, I'll be going to several databases (in which the user will exist) to find out what roles they are assigned to in each db. I'll be holding the role yay/nay in a bool array, and key into it via an enum.
There will be a session object that will hold a few things, and the roles assigned for that user. I'm thinking of making the session object available as a property of the base page, as the code would be something like this:
public SessionObject MasterSessionObject
{
get
{[CODE]....
But, I'm sure you'll agree, it looks sucky...If there was a CheckSecurity method on the base page, it would have to take a concrete DatabaseRoles object, but also an enum of which role to check, which would also look sucky. And finally, there would be a requirement at a later date to add more databases and their security settings...
I'll add code tomorrow if required... :-s
I dunno, I'm not that thick, but I do have a hard time sometimes binding all this together...
View 1 Replies
Dec 25, 2010
I have a Table In DataBase Role.
Which Contain the Role
1. SuberAdmin
2. Admin
3. Coordinator
4. Agency
5. Agent
Which have the different- different Access of pages so now how i give the seetings in Web to access the page according to role.
View 8 Replies
Nov 13, 2010
Usually in sub-folder we will limit the access right to some roles and this feature requires pre-defined database schema.
However, if i still want to use this role feature of asp.net, but I do not like the pre-define database schema, I want to extract role information from my own database table and bind it to the role.
View 2 Replies
Jun 14, 2010
I was just wondering if anyone has ever had to port the schema across? Are there any experts that could pitch their opinions on the achievability of this (mad) idea? I'm using the IBM Migration Toolkit and as expected its throwing a bunch of translation errors some of which were relatively easy to solve (vendor specific function calls for example) and some will take quite a while to pin down and work round.... however this is not my main concern.
If completed I expect I am going to have to basically rework all the System.Web.Profile/Roles/Membership namespace classes etc to work round the SQL limitations of informix (i.e. IDS11.x SQL server doesnt have a DEFAULT (newguid()) so that would have to be put into the calling method) (and any MVP comments really as I can slap my boss round with the weight after he ludicrously agreed to this project for a client without doing any research...)
View 1 Replies
Jun 7, 2010
I would like to collect all the emails from all users in a certain role. How would I do this ?
View 1 Replies
Sep 21, 2010
I have an existing ASPNET role/membership database created on SQLExpress 2005 (WIndows 2003 Server). I created it under the .NET 3 framework many years ago using the aspnet_regsql.exe application in full GUI mode.
I am setting up a new Windows 2008R2 server with .Net Framework 4 and SQL Server 2008R2. I don't want users to have to recreate accounts or create roles, etc.
So...
1. Should I backup the current database and import it into the new system, and if so do I even need to use the aspnet_regsql.exe application. (If so which version do I use, different aspnet_regsql.exe files exist in different directories (i.e., FrameWork, FrameWork64)
2. Should I just run aspnet_regsql.exe on its own and then somehow try to import the current data into those tables.
I am concerned that if I just import somehow the roles within SQL server will not be created properly.
View 4 Replies
Apr 6, 2010
We use Sharepoint to control our websites. We build the sites, then load them into the sharepoint server. My question is if I use windows authentication, how can I get my role security in my web config file to coencide with the asp.net controls that use the Forms authentication. Is there a differenence? Our security uses a session variable for security but there is no where to set up their permissions except in active directory. I hope this makes sense because I would like to implement the LoginView with Role groups but how can I give them the role="administrator"? Do I have to go into active directory and give them these permissions(would take awhile due to the size of the company)? Or do I have to set up priveladges in the web.config file for each user(difficult I think)?
View 5 Replies
Oct 27, 2010
I have implemented role based security in my asp.net 2.0 vb.net application using windows authentication and the windowstokenroleprovider and limiting access to certain pages using the location tag to specific active directory groups.
The issue is that when a user tries to access a page they are not authorized to view it brings up a login prompt and when it does not pass it takes them to the default page that tells them they are not authorized to view the page. I am wondering if there is a way to throw up a custom page that tells them they are not athorized to view the page that I can incorporate into the site itself with the header and so forth? if this page could come up in lieu of the sign in box popping up as well.
View 2 Replies
Mar 18, 2011
Why asp.net sql role provider does not allow to update the role name , whats its reasons.
View 5 Replies
Dec 30, 2010
I have a couple of aspx pages in c# and want to apply security on them. The way the current security works is that each user is assigned a role to enable him to add,edit or delete . for instance I have 3 roles, Accountant, finance and clerk,
[code]...
View 2 Replies
Mar 4, 2010
I have an application that uses Forms Authentication and Role Management. I have a few users with more than one role associated to the user. Based on certain roles, the navigation menu displays certain menu options.
Right now, if the user has more than one role, the menu shows the items that are in both roles instead of the items that are in the particular role that the user is logged into or currently set to.
I'm creating an Authentication Ticket to log the user in and I'm passing the active user role as follows:
authenticationTicket = New FormsAuthenticationTicket(1, UserName, DateTime.Now, DateTime.Now.AddMinutes(20), False, UserRole)
Is there anyway to set the user to one particular role and have the application see the user in this single role instead of reading all the roles that the user is in?
View 1 Replies
Jan 22, 2011
Is there any way that I can find the exact name of the role a User is in? There is a property for UserName ( User.Identity.Name) but what about the role?
View 1 Replies
Feb 10, 2010
How can i get the role id, rather than the role name?
For instance with the code below
Dim roles1 As String() = Roles.GetAllRoles()
GridView1.DataSource = roles1
GridView1.DataBind()
I can access the role name in the gridview like below, but how could I get the ID to pass in a hyperlink?
<asp:Label ID="lbl1" runat="server" Text='<%#Container.DataItem.ToString() %>' Visible="false" />
View 1 Replies
Nov 11, 2010
Will someone point me to a tutorial on how to hide and denied access to certain pages based on what roles the user is in?
View 8 Replies
Sep 21, 2010
I have an application that has a user Login Control (provided by ASP). I am just now working with the integration of a dataBase created in MS visual studio 2010, to a developed website created in MS visual web developer 2010. My main goal is to create an authentication ticket that enables a user to be able to see a dataBase information only after that user has been successfully authenticated.
Up to now I'm able to see the dataBase when i run the website even if I'm not log-in, how i can create a home page that tells the user to log-in and once that user has successfully log-in it redirects the user to another page where the user can see the database and how I can add information to that dataBase only to specific members
View 4 Replies
Feb 13, 2011
I am adding users to roles ,, but i think the users are not really connected to the role ??
One othe thing: does this code looks ok:
[code]....
View 3 Replies
Dec 10, 2010
I have a page setup to manage and create users.. in order to help the process of creation, i woudl like to add the new users to our default "users" role when they click the create button. Below is what is in place for the creation page and the button event tied to the button. I used this from a tutorial i found else where, but dont have the link at the moment if anyone needed it.. but the code below works great when creating a new user
[Code]....
View 5 Replies
Apr 25, 2010
i am developing a website in vb.net ,as i am having 3 urser,customer,admin,and employee
i have taken the loginpage and in the codebehind i have permission access to the customer,admin and employee,with different user names and password now my problem is how to make the page to recover the password if the user forget the username or password
View 3 Replies
Feb 12, 2011
The roles of users are not saved. Here is what i am doing:
[Code]....
And i added this to the create user wizard:
<asp:WizardStep ID="SpecifyRolesStep" runat="server" StepType="Step"
Title="Specify Roles" AllowReturn="False">
<asp:CheckBoxList ID="RoleList" runat="server">
</asp:CheckBoxList>
</asp:WizardStep>
View 1 Replies
Jul 11, 2010
How to implement role based security in each page.
View 2 Replies
Dec 31, 2010
I need to get the role of the user using memebership.
View 2 Replies
Dec 25, 2010
I am using a XMLSitemap to show my menu. In my menu I have a node "Log in". But I only want to show this to the visitors who are not logged in. (Not to everyone like what the "*" does). Is there a rolename for those visitors or something like that?This is my XML SiteMap
[Code]....
View 2 Replies
May 7, 2010
I would like to know if it is possible in a custom Membership to get the username of the login and to get first his role before testing his password.
The reason is just that we have to implement also another security with RSA depending on the role of the user.
View 1 Replies
