you will probably have to hook into the various event handlers in global.asax. beginrequest springs to mind.
each page could expose an "AllowedRoles" property. in the event handler, compare the users' rolelist with the allowed roles for the page. -----Original Message----- From: Discussion of advanced .NET topics. [mailto:[EMAIL PROTECTED] Behalf Of Paul Cowan Sent: Wednesday, February 07, 2007 12:08 PM To: ADVANCED-DOTNET@DISCUSS.DEVELOP.COM Subject: [ADVANCED-DOTNET] AOP and security Hi all, We have an ASP.NET application where users log in under forms authentication. Each user is assigned a role and I want only certain roles to view certain pages. I am really unsure where to put the code for the security and I do not want to hard code the security checks into the code and would somehow like to configure this. Sounds like a job for AOP. I have no experience in this field and was wondering if somebody could help me out? Or if indeed AOP is a good fit for this. Cheers Paul =================================== This list is hosted by DevelopMentorĀ® http://www.develop.com View archives and manage your subscription(s) at http://discuss.develop.com =================================== This list is hosted by DevelopMentorĀ® http://www.develop.com View archives and manage your subscription(s) at http://discuss.develop.com
