Authorization in web.config is giving me heartburn
-
We have a fairly large project with a lot of roles and a lot of pages. For a time, we've been using location elements in the web.config to manage security, but it is starting to get unmaintainable. What I would really like is some sort of way that I can authorize or deny a request based on the user's permissions that doesn't involve tampering with a config file. Ideally, this thing should get its data either from a database or by being hardcoded (for instance, it would be awesome if there was a nice fluent interface that I could use for this). Does anyone have any suggestions? Will
-
We have a fairly large project with a lot of roles and a lot of pages. For a time, we've been using location elements in the web.config to manage security, but it is starting to get unmaintainable. What I would really like is some sort of way that I can authorize or deny a request based on the user's permissions that doesn't involve tampering with a config file. Ideally, this thing should get its data either from a database or by being hardcoded (for instance, it would be awesome if there was a nice fluent interface that I could use for this). Does anyone have any suggestions? Will
I'd build a permissions system into the database, which has the advantage that you can give admins the UI to change it. Create groups for your users and apply permissions to pages on the group level.
Christian Graus Driven to the arms of OSX by Vista. "I am new to programming world. I have been learning c# for about past four weeks. I am quite acquainted with the fundamentals of c#. Now I have to work on a project which converts given flat files to XML using the XML serialization method" - SK64 ( but the forums have stuff like this posted every day )
-
I'd build a permissions system into the database, which has the advantage that you can give admins the UI to change it. Create groups for your users and apply permissions to pages on the group level.
Christian Graus Driven to the arms of OSX by Vista. "I am new to programming world. I have been learning c# for about past four weeks. I am quite acquainted with the fundamentals of c#. Now I have to work on a project which converts given flat files to XML using the XML serialization method" - SK64 ( but the forums have stuff like this posted every day )
-
I guess what I'm stuck on is where to put the code that restricts the user from hitting certain pages. Would that go in global.asax somewhere or out on the page? Or should I make some sort of custom handler for it? Sorry, I'm a bit thick today. Will
I would write a base class for all pages, and have a property specifying what group the page belongs to. Then I'd set the code in each page and check the user in the base class.
Christian Graus Driven to the arms of OSX by Vista. "I am new to programming world. I have been learning c# for about past four weeks. I am quite acquainted with the fundamentals of c#. Now I have to work on a project which converts given flat files to XML using the XML serialization method" - SK64 ( but the forums have stuff like this posted every day )