C# - SQL Role Security + Custom .Net Base Page?
Feb 8, 2010
I'm workng on a new, green-field ASP.Net application. We're implementing a base page which all pages will be, er, based on. The application will be running under Integrate Windows Auth, so I'll have the user's account details. With these, I'll be going to several databases (in which the user will exist) to find out what roles they are assigned to in each db. I'll be holding the role yay/nay in a bool array, and key into it via an enum.
There will be a session object that will hold a few things, and the roles assigned for that user. I'm thinking of making the session object available as a property of the base page, as the code would be something like this:
public SessionObject MasterSessionObject
{
get
{[CODE]....
But, I'm sure you'll agree, it looks sucky...If there was a CheckSecurity method on the base page, it would have to take a concrete DatabaseRoles object, but also an enum of which role to check, which would also look sucky. And finally, there would be a requirement at a later date to add more databases and their security settings...
I'll add code tomorrow if required... :-s
I dunno, I'm not that thick, but I do have a hard time sometimes binding all this together...
View 1 Replies
Similar Messages:
Dec 25, 2010
I have a Table In DataBase Role.
Which Contain the Role
1. SuberAdmin
2. Admin
3. Coordinator
4. Agency
5. Agent
Which have the different- different Access of pages so now how i give the seetings in Web to access the page according to role.
View 8 Replies
Apr 26, 2010
I have to implement User base security in my Web project using .Net3.5. Followings are some we need:
Roles can be Admin, Manage, Editor, Member etc User can have multiple roles Every roles has its own dynamic menus and restrictions/resources All menus and interface will populate dynamically from Database
I heard some where this kind of i.e user base security can be implemented using HashTable but I dont know how is it?
Today I came to know that for this kind of work Java people use Interceptor Design patterns. So, how could I do the same in asp.net C#?
View 2 Replies
Oct 27, 2010
I have implemented role based security in my asp.net 2.0 vb.net application using windows authentication and the windowstokenroleprovider and limiting access to certain pages using the location tag to specific active directory groups.
The issue is that when a user tries to access a page they are not authorized to view it brings up a login prompt and when it does not pass it takes them to the default page that tells them they are not authorized to view the page. I am wondering if there is a way to throw up a custom page that tells them they are not athorized to view the page that I can incorporate into the site itself with the header and so forth? if this page could come up in lieu of the sign in box popping up as well.
View 2 Replies
Mar 22, 2011
I want to implement role base access security on a script instead of database .
Using asp.net 2008
Considering various different user roles in scripting- role base access on same page. not in the database Different user should be able to see only particular information on the page, which is assign to him. This should be done on the bases of scripting not in the database.In short administrators and users contains should be on one page and they should be distinguish according to the role of administrator and user on same page.
Need to put validation and verification on the scripting page, not from the database.
My CLIENT REQUIREMENT IS :-
Defination of project
The goal of this project is to extend role-based access from data to scripts. The users are classified into different roles. A script will display different information according to the role of the user.
The main aim behind implementing this project is, as nowadays people try to access the code and try to break into the secure codes via cookies as well as link information along with domain names. So in order to prevent this if the role base access security is kept on a script instead of database then it might be possibly less chance of breaking this kind of security.
In making this kind of functionality we need to deal security of webpage with the help of script. So the whole idea is to identify the user and separate contains which are only accessible to the specific user. In order to research and implement this project, we need to have core understanding and knowledge of the scripting fundamental and how exactly the scripting is working on webpage.
So looking towards this project we are planning to deal with somehow role base access in scripting.
Nowadays you might have seen security has become a larger issue, moreover providing security on website is one of the major concerned in today's life. As the network of wired and wireless network has extended in very large volume, you can see unsecure internet access in many place and in this unsecure there might be possibility of hacking becomes very easy.
So in order to make this security tight or in order to make website more secure we are planning to build this project.
View 2 Replies
Nov 13, 2010
Usually in sub-folder we will limit the access right to some roles and this feature requires pre-defined database schema.
However, if i still want to use this role feature of asp.net, but I do not like the pre-define database schema, I want to extract role information from my own database table and bind it to the role.
View 2 Replies
Jul 26, 2010
I am using built-in asp.net Role and membership provider in my website. when user login to my system they are redirected to hompage. how should i code it. that when he click on login button page check its role and then decide where to redirect. Suppose user login with name John and "john" is "Admin" then application Redirect him to AdminPanel.aspx and if User john is normal "RegUser" Role then redirect him into Home.aspx.
View 1 Replies
Feb 8, 2010
I think I'm missing something simple...I have a customRole Provider set up and it seems to be working fine - I can add/change/delete info using the WAT.For my Authorization I do a custom routine that is separate from the .net provider that basically says the users is or is not authenticated (true/false).If the user IS authorized how do I set the cookie (or whatever) letting .NET know who they are so I can use the roles on a directory level?I know I can use Roles.IsUserInRole on individual pages but I'd like to be able to use directory based authorization too (from the web.config).
View 3 Replies
Apr 20, 2010
We are trying to implement Custom Role membership provider for our web app. For authorization we want to check for one more field like Facilityid for the logged on user along with role he has. eg. my User1 having Role1 with Facility1 can access some option and same user role for Facility2 have different option. So is there a way we can extend the existing role/profile provider to authorize user with this additional field along with role assigned.
View 1 Replies
May 26, 2010
I have a custom role provider and I'm trying to get the IsUserInRole() method to get called when a user of a certain role tries to access a restricted page. However, the method is never called.
[code]...
When the user goes to a restricted page, I'd like the custom role provider to check the user's role and deny/grant access.
View 3 Replies
May 12, 2010
I have created custome Membership Role and Profile provider using INGRES db. Now I can see my IngresMembership and IngresRole provider in the Provider tab(Select a different provider for each feature (advanced) ) of WSAT but when I clik on security tab I get this error:
"There is a problem with your selected data store. This can be caused by an invalid server name or credentials, or by insufficient permission. It can also be caused by the role manager feature not being enabled. Click the button below to be redirected to a page where you can choose a new data store.
The following message may help in diagnosing the problem: Object reference not set to an instance of an object."
What am I missing? Do I need to add code for all override methods for Role provider? I have just written code for the Initialize and GetRolesForUser functions.
View 1 Replies
Feb 9, 2010
I have a custom role provider class that is currently being used by a web application. We are now in the process of migrating several windows applications from VB6 to VB.Net. From preliminary research, I understand that I can use the custom role provider in win forms as well and came across Client Application Services. I understand how the Client Application Services is setup, but can't seem to find how the custom role provider code will be shared between the web apps and the windows apps.
View 3 Replies
Feb 21, 2010
I've just started a small ASP.NET web application. In this project, I need to authenticate the users with Active Driectory. I managed to authenticate the users successfully with Active Directory. But with Authorization with Custom Role Provider, I'm so confused.You see, the user name and password are stored in AD. So, my approach is that after the LoggedIn event of the Login Control, I check if UserName is not yet stored in the Users table yet, then I will store the UserName there. Eventually, I have all the UserName of the AD users store in the Users table so I can assign Roles to the users.
Let's say I assigned UserA to RoleOne. After he logs in successfully, I do some query to look for his Roles.
Where do I keep the Role ticket? In the Cookie or in the session? How does the authorization of ASP.NET role provider work? I want to store the authentication ticket like ASP.NET role prover does too.
View 1 Replies
Apr 13, 2010
I'm using my own role management and user management in my application, i now need to use forms authentication. How can i do this?
View 3 Replies
Feb 5, 2010
I have a custom oledb role provider that pretty much a cust and past of:
[URL]
except I've used oledb instead of odbc. I'm connecting to an oracle database and the tables have been created with out any issues. now if I go into the Website Administration Tool and try to create a new role I get the error
"Specified cast is not valid."
I can create a role directly in the database (through TOAD) and the role will show up in the .NET WAT, so I know it can make the connection and read the info just fine. I just can't create or delete or modify a role without the above error.
I'm using C# in VS 2008 Pro.
My provider code is as follows:
[Code]....
View 1 Replies
Apr 4, 2011
There are multiple roles. (Role A, Role B etc) There are multiple input/output fields. (Field A, Field B etc) There are multiple permission levels controlling access to each field. (Read, Direct Edit, Edit With Approval, None) Each role has its own permissions to fields. (Role A has Read Permission to Field A; Role B has Direct Edit permission to Field A etc) Every role can be assigned to users and they are assigned by Geographic information. (User A is assigned to Role A for Continent: Europe - Country: Germany; User B is assigned to Role A for Continent: Europe - Country: France; User A is assigned to Role B for Continent: Europe - Country: France etc) Users can have multiple roles User identity is coming from Windows Authentication.
is it possible to represent this type of kind of multi-layered security model using ASP.NET internal membership/role providers? If so, what should my starting point be? Creating only custom role provider with custom methods and fields be enough?
View 3 Replies
May 26, 2010
I am trying to create a Forms Authenticated site and have already used the aspnet_regsql tool to create the necessary logic in my SQL Server DB to hold my data. Now, I am looking to create a custom Membership, User and Role provider for my DB model. I was looking at the following video: [URL]
Now, I get the concept on how to go about it but I notice that this guy uses custom DB Procedures as to the ones that are generated by the aspnet_regsql tool. Can anyone direct me on where I can find info on how to go about building the Membership, User and Role provider class using the DB structure that aspnet_regsql generates? So much junk on google that I am having a hard time finding good guidance.
View 1 Replies
Nov 11, 2010
Will someone point me to a tutorial on how to hide and denied access to certain pages based on what roles the user is in?
View 8 Replies
Dec 1, 2010
i have implemented custom role provider and membership provider .
login page : SignIn.aspx
on successful login it redirects to (index-Homepage.aspx)
now PROBLEM is when it successfully logged in ,and redirects to 'index-Homepage.aspx' it gives Anornymoustemplate ..while its verifying the role correctly in index-Homepage.aspx.cs
View 1 Replies
Jan 8, 2010
how i would go about loading a page if a user is a memeber of the site, but if they are not redirect to the login page.I have created a site with multiple pages, but only a select few of these pages need to be viewed by memebers only. Could someone help or guide me in the right direction to read up on how to do it
View 5 Replies
Mar 18, 2011
Why asp.net sql role provider does not allow to update the role name , whats its reasons.
View 5 Replies
Apr 22, 2010
I'm not sure if this is possible or not, I'm using Roles to limit what pages a user can access based on there assigned Role. My question, is there anyway to redirect the user to a specific web page based on thier role after they login.
For example:
If Bob logs in with Role="Automotive", I want him to be redirected to Auto.aspx.If sue logs in with Role="Clothing", i want her to be redirected to cloths.aspx.
View 8 Replies
Feb 15, 2011
I have a web app developed using role & membership provider...
this is my web.config file
<authentication mode="Forms">
<forms loginUrl="Forms/LogIn.aspx" name=".ASPXFORMSAUTH" defaultUrl="Forms/main.aspx" timeout="30"></forms>
</authentication>[code]....
So i would like that the page "pag1.aspx" is reached bypassing the "main.aspx" so If I try to digit directly on the server http://localhost/forms/pag1.aspx?C=159 ......correctly appears the login page....and the URL became..
http://localhost/Forms/LogIn.aspx?ReturnUrl=%2fForms%2fpag1.aspx%3fC%3d151&C=159 and after login I can see correctly the page1.aspx . when I try to reach the page from my browser..I digit
http://myserver/forms/pag1.aspx?C=159 .... the login page appears...but the url became..
http://myserver/Forms/main.aspx
and after login I cannot see the page1.aspx....but main.aspx
View 1 Replies
Apr 21, 2010
I have created my own custom role provider class "SGI_RoleProvider" and configured properly.
Everything is working fine.
Suppose that I have added a public method say "SayHello()", then how can i call that. Because if i am using Roles then the method is not displayed. If i am forcefully using that Roles.SayHello() then compiler gives the error.
how can i call this. Because creating a new instance of SGI_RoleProvider is meaningless.
View 1 Replies
Apr 9, 2010
I would like to use the asp.net membership and role management. However, all I found is fixed role control on the page level. Is there a way to let customer (administrator) to create their own roles, and assign the permission (edit, add, or view) to them, and then, use the permission to control te display (for example: edit button visible or not)?
View 5 Replies
