Security - Using Roles To Represent Different Access Levels?
Mar 4, 2010
I need to design a system that will control access to certain information. The requirement from the user is to use access levels e.g.
Level 1 - Support
Level 2 - Manager
Level 3 - Senior Manager
Level 4 - Department Head
etc.
If a certain piece of information is marked as Level 1, then all roles should be able to view that piece of information. If it is marked as level 3, then only the Senior Manager and Department Head can view it, but the Manager and Support roles can't view it.
Questions
When I assign the access level to a piece of information, will I have to assign multiple roles to it in order for me to achieve this functionality? Is there a better way of doing this?
View 2 Replies
Similar Messages:
Mar 21, 2011
I am building a subscription based web site, which currently has three subscription levels, i.e. Horses, Soccer, and Horses and Soccer. I was thinking of implementing standard role based authorization, where a Horses subscriber would get roles including those to use the Horses section, etc.
Should I use a standard role provider, and when a member subscribes to the site, assign roles for his subscription to him, or use a hierarchical role provider, that when asked for the roles for a member, only then uses the member's subscription level to 'calculate' a set of roles for the member.
View 2 Replies
Apr 24, 2010
[ASP.NET 3.5, FormsAuthentication, SQL Server]
In the Roles table there is Role, and RoleType.
I have 3different roles, 2 of which have sub-roles.
Example
Role----------------------Type
Adminstrator
Subscriber---Basic
Subscriber---Business
I need to implement Code Access Security, and URL based security using the roles & types...
For instance, the (Subscriber/Basic) would need to view a different set of pages, and have different access to things then a (Subscriber/Business).
I think I can handle the Code Access security with a custom attribute, but I am unsure to how enforce a User be apart of 2 roles in the URL Authorization.
I am currently using the web.config to deny/allow access to the directories/pages.
e.g.
/Areas/Admin/web.config
[Code]....
Is it possible to force the user to be apart of 2 roles with this technique?
View 1 Replies
Jan 10, 2011
I have three roles:
AdminEditorGeneral
How can i give acces so to:
1- All users in roles Admin and Editor
2- Specific users from role General
i tried this but with no luck:
[Code]....
View 2 Replies
Nov 3, 2010
well i have a simple application using an authentication (user and password) before accessing and there are several roles bound to each user.
in my web.config i have configured the acces for each page according to each role, this is an example below:
[Code]....
and i have 2 users:
1: admin (default role: administrator)
2: guest (default role: role1)
my problem is as follows:
if i give acces to the user "guest" to open the "admin.aspx" page with changin him his role from "role1" to "administrator", this one do not function except if i recharge the web.config file to the server it's just after this manipulation that this user "guest" arrives to open the page "admin.aspx".
i don't know why this problem occurs, normally changing the user role will applies instantaneously.
View 6 Replies
May 12, 2010
How can i ristrict access to controls depending on users roles, on a page.?
View 1 Replies
Jan 20, 2010
in my app i want to create two types of users. (1) 'staff' (2) 'admin'
i have a page called registration which basically creates a user. i used the asp.net configuration wizard to create roles and set access rights to certain pages and this works great.
however, if i was to deploy this app then users wouldnt have access to the asp.net wizard therefore not be able to create users with roles/access.
so how can i do this in code? can i create a drop down in the registration page with two values (staff and admin) which will represent roles and then another drop down with access rights? (allow/deny)
how can i now program these drop down and make it work like i would normally do using asp.net configuration wizard?
View 8 Replies
Feb 26, 2010
I have a web.config file with <authorization> section. I'm using window authentication.
The problem is that I would like to allow access to the web site to those users who are in multiple roles.
For example:
<authorization>
<allow roles = "Role1 AND Role2"/>
<deny users="*"/>
</authorization>
(Meaning I would like to allow access only to those user who are both in Role1 AND Role2.)
Is this possible to achive this?
If not, what would be the alternatives?
Note: Currently I'm doing the roles assignment in the Global.asax file in the OnAuthenticateRequest event (i'm reading the groups that the current user belong to in the Active Directory).
View 4 Replies
Aug 8, 2010
I am working on an application that resides on a development server on our internal network. The application was originally written to use Membership and Roles. We got busy almost a year ago before the app was finished, and now we are trying to get it ready to use internally.
The login page works just fine, but I have lost the ability to controls users and roles. I am running Visual Studio 2010 Professional now on a Windows 7 VM. I can open the application fine but there is no Web Administration Tool available for me to manage users or roles. If I go to Website -> in Visual Studio, there is no option for ASP.NET Configuration in the drop down menu. It simply isn't there.
How can I regain access to manage users and roles for this application? We are using Forms authentication and the database resides on a SQL Server 2005 instance on a separate box from the web server and my local VM.
View 6 Replies
Nov 11, 2010
Will someone point me to a tutorial on how to hide and denied access to certain pages based on what roles the user is in?
View 8 Replies
Sep 23, 2010
I am working on an application that resides on a development server on our internal network. The application was originally written to use Membership and Roles. We got busy almost a year ago before the app was finished, and now we are trying to get it ready to use internally.
The login page works just fine, but I have lost the ability to controls users and roles. I am running Visual Studio 2010 Professional now on a Windows 7 VM. I can open the application fine but there is no Web Administration Tool available for me to manage users or roles. If I go to Website -> in Visual Studio, there is no option for ASP.NET Configuration in the drop down menu. It simply isn't there.
How can I regain access to manage users and roles for this application? We are using Forms authentication and the database resides on a SQL Server 2005 instance on a separate box from the web server and my local VM.
View 1 Replies
Jan 19, 2010
I'm using vs 2005 and asp.net 2.0 to create my website. Recently, I thought about applying membership instead of my customized security system in order to achieve higher security level and performance. At first thing went well, since it was easy to create/manage users and Role names from behind code, but when I came upon the "Access Rules" I faced what you can call it an 'obstacle' at least from my opinion.
The thing is, I don't want to use Asp.net Web Site Administration Tool to create and manage my access rules which I'm going to assign to each of my dynamically created Roles. What I want to be able to do is make a page where the Admin can create/manage his desired Role(s) and also, create/manage the Access Rules, then add such Access Rules to the previously created Role(s).
Now, what I need to know first is... is it even possible to do such thing in the first place? Because the way i understand it is, since the access rules are stored in the web.config of each folder/directory that you apply them on then it shouldn't be allowed to modify it from the running/published website.
View 4 Replies
Dec 20, 2010
i got a web app where some users can upload to a folder images or files like pdfs.
Those users are authenticated by forms.
Well, in public areas, everyone can see those images and files.
I use for showing an httphandler, changing name, etc...
Id like to know if its possible set security like this:
- Folder with uploads, only with read permission for everyone that is not authenticated
- Folder with uploads, with write permission for authenticated users
Goal is that none can upload files if they are not autenticated and make the upload through the web form created for that.
View 1 Replies
Apr 13, 2010
have a .net website that i have been developing where the majority of pages are accessible to anybody but a few pages are restricted to members. This have been done thru the .net membership provider.This all works fine but what im trying to do now is run a closed beta test.So i want to put the application online but require any visitors to the site to have to go thru an initial beta login screen that has one common username and password for all users. Once past that login the site needs to function like it would if that login step had not occurred. That is, users would have to signup or use their own personal logins to access the pages restricted to members
View 5 Replies
Feb 21, 2010
I want to provide different security aspects to the admin and customer to a single website with a different home pages..
View 3 Replies
Mar 7, 2011
I have a multi level application that I am developing and need to block multiple rows from being joined. I know how to hide one role but I cannot figure out how to hide multiple.
Here is my current code
[Code]....
View 2 Replies
Dec 30, 2010
I wanna write a usercontrol to handle different access levels on pages.
Below is the html i wanna achieve.
[Code]....
This is my code at this point:
[ParseChildren(false), PersistChildren(true)]
public partial class RequiredUserType : System.Web.UI.UserControl
{
public string UserTypes { get; set; }
[Code].....
My problem is that the <Content> and <AlternativeContent> doesn't get rendered as Panels and on the Client side its rendered as the initial tags(<Conten>) and not a div or whatever a asp:Panel normally gets converted to.
View 1 Replies
Aug 22, 2010
I have two levels of authentications in ASP.NET application.I have a [Code].... user that have full access to all the websites and [Code]....user that have limited access.I want to destroy all open sessions before do any new login, no matter who will do the login.Where should I place my code to destroy all open sessions before I do any new login?
View 3 Replies
Jan 20, 2011
I'm planning to make a page that has about 10 different pages for varying use, for example, stats, data entry, reports, logistics, audit, sales, promo, etc etc. I'm anticipating there will be many combinations as to what pages a user may have access to, for each page, a user ought to be authorized to either enter new data, edit data, print and/or just view.
My questions are :
1. can membership & roles be used, once user is logged in, to display links to all the areas of the web app he is allowed access to?
[code]....
2. besides having access to a particular page, a user should, as mentioned before, be authorized to either enter new, edit, print and/or just view data.
3. Is there a preferred/better method to handle this besides using membership & roles?
View 3 Replies
May 17, 2010
Newb question: what is the standard practice for assigning roles to newly signed-on members. Is it usually manual or is there a way of automatically assigning roles. Being completely new to this, I am confronted by the issue of my site having three different roles that new members could fall into, but am unsure about how to assign each a role. I can't imagine having to go through the process manually if I have thousands of members.
View 6 Replies
Apr 4, 2011
There are multiple roles. (Role A, Role B etc) There are multiple input/output fields. (Field A, Field B etc) There are multiple permission levels controlling access to each field. (Read, Direct Edit, Edit With Approval, None) Each role has its own permissions to fields. (Role A has Read Permission to Field A; Role B has Direct Edit permission to Field A etc) Every role can be assigned to users and they are assigned by Geographic information. (User A is assigned to Role A for Continent: Europe - Country: Germany; User B is assigned to Role A for Continent: Europe - Country: France; User A is assigned to Role B for Continent: Europe - Country: France etc) Users can have multiple roles User identity is coming from Windows Authentication.
is it possible to represent this type of kind of multi-layered security model using ASP.NET internal membership/role providers? If so, what should my starting point be? Creating only custom role provider with custom methods and fields be enough?
View 3 Replies
Jul 7, 2010
Ultimate goal is to provide protection against programming mistakes. I want to make sure that every page in a portion of my web application has a role specified like below. Ideally I would like to programatically check all requests coming in ( think IHttpModule ) and make sure that the page being requested has a role specified.
I can't seem to find how to get programatic access to the allowed roles.
[code]....
View 2 Replies
Jan 7, 2010
I have used .net login control to authenticate user,i have three types of role ,role1,role2 and role3 and i have users and user have different roles.
now my requirement is like as per loggedin user i want to redirect user on particular page as per role.
for example if loggedin user role is role1 than he will redirect default1.aspx
for example if loggedin user role is role2 than he will redirect default2.aspx
for example if loggedin user role is role3 than he will redirect default3.aspx
and one question if same user may be have more than one role than what should happen???
I got a solution for same than if we are used "loggingin" event than it would be possible but i had placed login control in login view anonymous template because as per my requirement i want that after successfull login user can't see login control on page.thats why i didn't get the login control event on code.
View 6 Replies
Mar 22, 2010
In our system now, we have a class of user and beneath each class, there's a type of user.
Is there a way to setup and use the ASP.Net role provider with this kind of setup?
View 2 Replies
Feb 20, 2010
i am new to asp.net, i am creating a small website for my college, in that.
Only the admin's can create other users...
Now while using the nw registration wizard, i hav to mention the role also in that page.
View 5 Replies
