function-based authentication ???
-
I found many articles talking about role-based authentication. But for my job, I need more. My application has 4 groups of users, say admin, super user, user, and reviewer. However, the super user can assign/change a different set of functions that each user can use. If I use role-based authentication, I have to set one role for each function, and then I might have 20+ roles. Is there another way to implement such a need?
-
IMO, you can implement a custom HTTP module which is responsible for authorizing the user; its functionality looks like the built-in module UrlAuthorizationModule supported by ASP.NET. Basically, the custom module hooks to the AuthorizeRequest event of the application. You can define your own rules in the web.config file or a separate config file, and the custom module uses these rules to authorize the user.
-
I didn't get your answer. I think the rule in web.config is a fixed rule. But in my case, the super user can change the user level's rights dynamically. For example, Mr. A is a user level. Normally, the user level can use a PDA for receiving goods for all warehouses. However, the super user can still grant which functions this login name (a user level) can use. For example, today he only has the right to receive goods from warehouse 1. However, tomorrow the super user will grant Mr. A the right to receive goods from warehouse 2, and the super user will deny him that for the next couple of days. The main problem here is that I can't assign particular groups (or roles) for these functions, because it depends on the super user's decision. And for me, having a group (or role) for each function is not the best solution. Hope you can understand my need ^^''

-- modified at 2:14 Thursday 5th January, 2006
-
By this I mean, you can implement a custom authorization module which is responsible for checking the current permissions that the user owns. To define the permissions (or functionalities) that one has, you can use a data store like the web.config file, or a database, or whatever you want. Then this module can rely on this info at runtime to do its job.
-
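The approach discussed in this thread, sketched as an added example that is not code from any of the posters: an ASP.NET HTTP module hooks AuthorizeRequest and checks per-user, per-function grants with a validity window, so the super user can change rights without creating a role per function. `GrantStore`, the `/pda/` paths, the function names and the sample grants are hypothetical; in practice the grants would be read from a database table the super user edits.

```csharp
using System;
using System.Collections.Generic;
using System.Web;

// Hypothetical grant store with constructed sample data (stand-in for a database lookup).
public static class GrantStore
{
    // Key "user|function" -> window [from, until) in UTC during which the grant is valid.
    static readonly Dictionary<string, Tuple<DateTime, DateTime>> Grants =
        new Dictionary<string, Tuple<DateTime, DateTime>>(StringComparer.OrdinalIgnoreCase)
        {
            { "mr.a|ReceiveGoods.Warehouse1", Tuple.Create(new DateTime(2006, 1, 5), new DateTime(2006, 1, 6)) },
            { "mr.a|ReceiveGoods.Warehouse2", Tuple.Create(new DateTime(2006, 1, 6), new DateTime(2006, 1, 7)) },
        };

    public static bool IsAllowed(string user, string function, DateTime nowUtc)
    {
        Tuple<DateTime, DateTime> window;
        return Grants.TryGetValue(user + "|" + function, out window)
            && nowUtc >= window.Item1 && nowUtc < window.Item2;
    }
}

public class FunctionAuthorizationModule : IHttpModule
{
    const string ProtectedPrefix = "/pda/"; // hypothetical folder holding the function pages
    // Hypothetical mapping from page to the function it implements (case-insensitive, like IIS paths).
    static readonly Dictionary<string, string> PageToFunction =
        new Dictionary<string, string>(StringComparer.OrdinalIgnoreCase)
        {
            { "/pda/receive-wh1.aspx", "ReceiveGoods.Warehouse1" },
            { "/pda/receive-wh2.aspx", "ReceiveGoods.Warehouse2" },
        };

    public void Init(HttpApplication app) { app.AuthorizeRequest += OnAuthorizeRequest; }
    public void Dispose() { }

    void OnAuthorizeRequest(object sender, EventArgs e)
    {
        HttpContext ctx = ((HttpApplication)sender).Context;
        // FilePath excludes trailing path info, so "/pda/x.aspx/extra" maps to the same page.
        string path = ctx.Request.FilePath;
        if (!path.StartsWith(ProtectedPrefix, StringComparison.OrdinalIgnoreCase))
            return; // outside the protected area; other authorization rules still apply
        string function;
        bool allowed = PageToFunction.TryGetValue(path, out function) // unmapped page: deny
            && ctx.User != null && ctx.User.Identity.IsAuthenticated
            && GrantStore.IsAllowed(ctx.User.Identity.Name, function, DateTime.UtcNow);
        if (!allowed)
        {
            ctx.Response.StatusCode = 403;             // deny by default
            ctx.ApplicationInstance.CompleteRequest(); // skip the handler, go to EndRequest
        }
    }
}
```

The module still has to be registered in web.config, and because grants are looked up on every request, a change by the super user takes effect on the user's next request.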