Listing Folder Content and managing permissions
-
Dear All, I created a web application using VS2005 and this is my problem: I want to control access on a per-page and per-user basis; furthermore, I will do it on a group basis later. What I want to do is create a webform for the admin that lists all the webforms of the web application in a checkbox list or a listbox control. After the admin picks a user, he sets "Allow/Deny" for the user's access to each page by checking or unchecking the items. I will later save this to the database. I installed the aspnet db to create and manage the users and for security, but it only gives permissions per folder, not per page, so is there a way to exploit it? So what I need to know is how to list the pages and how to manage security. Any keys would be appreciated. Thanks in advance.
Best Regards 3ala2 :)
-
You can do it in the following way:

You have a User Table: (UserID, Username, UserGroupID)
You have a UserGroup Table: (UserGroupID, UserGroup Description)
You have a Permissions Table: (PermissionID, Description)
You have a Link Table between the Permissions and the UserGroup: (UserGroupPermissionID, PermissionID, UserGroupID)

Let's say you have only 2 user groups: General User and Admin. A user can be SET to be any of the 2 UserGroups. Let's say you have 2 Webforms. Webform1 is for General Users and Webform2 is for Admin. Consider each webform like a separate permission. So let's say Webform1 is PermissionID 1 and Webform2 is PermissionID 2:

Permission Table:
=================
Permission ID ... Description
1 ... Webform1
2 ... Webform2

UserGroup Table:
================
UserGroupID ... Description
1 ... General User
2 ... Admin

UserGroupPermission Table:
==========================
UserGroupPermissionID ... UserGroupID ... PermissionID
1 ... 1 ... 1
2 ... 2 ... 1
3 ... 2 ... 2

So you can see from that table that General User is allowed permission 1, whereas Admin is allowed permission 1 AND 2.

After you set the figures in the database, at the top of the Webform1 code-behind page, you will need to query the database by passing the session UserID. Use a VIEW of the Permission link table and the user table. If the UserID has permission "1", then allow him to see Webform1. If he doesn't, then redirect him/her. Do the same for Webform2. If the user doesn't have Permission "2" in the database, he will simply be redirected away.

HOPE THIS HELPS! :)
-
Thanks mate. What about the issue of listing the webforms? How can I solve that?
Best Regards 3ala2 :)
-
It is a very straightforward but very, very long problem to describe. Please rephrase your question to make it more precise.
-
I just want to list all the webform names in my project ("the aspx only") in a checkboxlist or a listbox control. I want the displayed text to be the webform name and the value to be the full path for it. I guess I can do the rest of the security issues :D How can I do that?
Best Regards 3ala2 :)
-
I'll explain what I did: In addition to the above post, I had a webform which had a datagrid that displayed ALL the records for the different permissions which I have defined (recall the Permission Table). Remember that EACH Permission represents a Webform, so there is no need to list the page. You can make the Datagrid entries hyperlinks to the webforms if you like. You can add/edit/delete all the Permissions which you have on that particular webform, just like you can add/edit/delete user records and such, BUT... EACH webform, EVEN the Permissions webform, will have hard code which will give different users access/denial.

For instance, let's say that in the Permissions table, you have the following record:

PermissionID = 9
PermissionDescription = Permission Webform

and the Admin User Record is:

UserID = 1
Username = Admin
UserGroup = 2 (i.e. Admin)

and the UserGroupPermissions Record (in the LINK table) is:

UserGroupPermissionsID = 3
UserGroupID = 2 (Admin)
PermissionID = 9

This means, logically, that the admin is linked to PermissionID number 9.

Now let's go back to the webforms. In the PageLoad event of the Permission Webform (which is what you are asking about), you will HARD CODE the following: After creating a VIEW of the tables which show a link between Admin and the appropriate PermissionID for the current page, you will pass the UserID, which should be stored as a Session variable as soon as any user logs in. Pass that ID through a SQL query and check whether the UserID in the Session variable HAS the Permission ID of the link table... IF YES, then load the page; IF NO, then redirect.

You are asking about the webform itself, I think. The Webform itself for this will be the same as any other webform for adding/editing/deleting records. Use a datagrid which should be bound with the information from the appropriate TABLES or VIEWS.

When you create a New Permission, like SiteMap Page Permission, you will HAVE TO HARD CODE the permission authorisation as described above, but this time for the SiteMap page. I hope this answered your question. :)

-- modified at 9:24 Tuesday 23rd January, 2007
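The tables, the VIEW and the per-page query described in the two answers above (the schema post and the PageLoad post), written out as one T-SQL script. This is an added example, not code from the thread; the view name vUserPermission, the key and uniqueness constraints, and the sample user alice are assumptions.

```sql
-- Added example (T-SQL). Table and column names follow the posts above;
-- the view name, the constraints and the user 'alice' are assumptions.
CREATE TABLE UserGroup (
    UserGroupID INT PRIMARY KEY,
    Description NVARCHAR(50) NOT NULL
);
CREATE TABLE Permission (
    PermissionID INT PRIMARY KEY,
    Description  NVARCHAR(50) NOT NULL
);
CREATE TABLE [User] (
    UserID      INT PRIMARY KEY,
    Username    NVARCHAR(50) NOT NULL UNIQUE,
    UserGroupID INT NOT NULL REFERENCES UserGroup(UserGroupID)
);
CREATE TABLE UserGroupPermission (
    UserGroupPermissionID INT PRIMARY KEY,
    UserGroupID  INT NOT NULL REFERENCES UserGroup(UserGroupID),
    PermissionID INT NOT NULL REFERENCES Permission(PermissionID),
    UNIQUE (UserGroupID, PermissionID)   -- one grant per group and page
);

INSERT INTO UserGroup VALUES (1, N'General User');
INSERT INTO UserGroup VALUES (2, N'Admin');
INSERT INTO Permission VALUES (1, N'Webform1');
INSERT INTO Permission VALUES (2, N'Webform2');
INSERT INTO UserGroupPermission VALUES (1, 1, 1);
INSERT INTO UserGroupPermission VALUES (2, 2, 1);
INSERT INTO UserGroupPermission VALUES (3, 2, 2);
INSERT INTO [User] VALUES (1, N'Admin', 2);   -- admin record from the post
INSERT INTO [User] VALUES (2, N'alice', 1);   -- constructed General User
GO

-- The VIEW joining the user table to the permission link table.
CREATE VIEW vUserPermission AS
SELECT u.UserID, gp.PermissionID
FROM [User] u
JOIN UserGroupPermission gp ON gp.UserGroupID = u.UserGroupID;
GO

-- Per-page check. @UserID is the session value; @PermissionID is the
-- constant hard-coded in that page. Bind both as command parameters from
-- the code-behind; never concatenate them into the SQL string.
DECLARE @UserID INT, @PermissionID INT;
SET @UserID = 2; SET @PermissionID = 2;       -- alice requesting Webform2
SELECT CASE WHEN EXISTS (
    SELECT 1 FROM vUserPermission
    WHERE UserID = @UserID AND PermissionID = @PermissionID
) THEN 1 ELSE 0 END AS Allowed;  -- treat anything but 1 as deny and redirect
```

Because access is granted only when a matching row exists, a page whose permission was never entered in the link table is denied to everyone by default.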
-
Thank you so much. That was helpful and I guess I'll do it this way. But I'm still wondering how I can list the project files dynamically :-O Thanks again
Best Regards 3ala2 :)