Hi,

We are using FormsAuthentication, which I know is still possible, but I really do not want to have to create a separate database to store the roles information. That is, I do not want to create the aspnetdb. Is it possible to use this approach without using the aspnetdb?

Cheers
[EMAIL PROTECTED]

> Date: Wed, 7 Feb 2007 10:02:39 -0800
> From: [EMAIL PROTECTED]
> Subject: Re: [ADVANCED-DOTNET] AOP and security
> To: ADVANCED-DOTNET@DISCUSS.DEVELOP.COM
>
> You can use a <location path=""> directive to apply at the page level as
> well. For example:
>
> <location path="page1.aspx">
>   <system.web>
>     <authorization>
>       <allow roles="members" />
>       <deny users="*" />
>     </authorization>
>   </system.web>
> </location>
>
> Note that the location directive can be used for any configuration setting
> in web.config files.
>
> BTW -- this tutorial of mine covers using Role Based Authorization and
> security trimming with windows auth and might be useful to look at:
> http://weblogs.asp.net/scottgu/archive/2006/07/23/Recipe_3A00_-Implementing-Role-Based-Security-with-ASP.NET-using-Windows-Authentication-and-SQL-Server.aspx
>
> Thanks,
>
> Scott
>
> -----Original Message-----
> From: Discussion of advanced .NET topics. [mailto:[EMAIL PROTECTED] On Behalf Of Phil Sayers
> Sent: Wednesday, February 07, 2007 9:47 AM
> To: ADVANCED-DOTNET@DISCUSS.DEVELOP.COM
> Subject: Re: [ADVANCED-DOTNET] AOP and security
>
> I originally did not suggest using the built in stuff because depending on
> how the security will be used to answer the question "can this user look at
> this page?"... you could end up with a fairly ugly set of folders &
> subfolders...and maybe even duplicating the same page across many subfolders
> to accommodate the various user accounts.
>
> But yes, I've recently done a website using the built in stuff....very slick
> and easy to use.... but from my "limited" experience, you can only apply the
> "this role can access these items" at the folder/subfolder level, not the
> individual page level, so you have to have some fairly clean delineation
> between groupings of pages and how that lines up to the various security
> roles you define.
>
> -----Original Message-----
> From: Discussion of advanced .NET topics.
> [mailto:[EMAIL PROTECTED] Behalf Of Geoff Taylor
> Sent: Wednesday, February 07, 2007 12:33 PM
> To: ADVANCED-DOTNET@DISCUSS.DEVELOP.COM
> Subject: Re: [ADVANCED-DOTNET] AOP and security
>
> OK, I'll bite. What's wrong with the built-in configurability of role
> security?
>
> http://msdn2.microsoft.com/en-us/library/5k850zwb(VS.80).aspx
>
> With that you can specify the allowed/denied roles for a page or subfolder,
> using multiple <location> tags:
>
> <configuration>
>   <location path="memberPages">
>     <system.web>
>       <authorization>
>         <allow roles="members" />
>         <deny users="*" />
>       </authorization>
>     </system.web>
>   </location>
>   <!-- other configuration settings here -->
> </configuration>
>
> You can have as many of those location sections as you need. That would
> keep the entire configuration of the role security out of the code.
>
> (OK, in the past I've found it horribly flaky if the specified target is
> a virtual one rather than an actual file that exists on the filesystem - I
> don't know if that's improved in .NET 2.0. But apart from that, it's simple
> and configurable.)
>
> Failing that, as Phil says, HttpApplication events are probably the answer.
> You can either do the Global.asax thing, or implement your own HttpModule.
> The AuthorizeRequest event may be the one you want - I've used it in the
> past and can send you some code off-list if you want.
>
> Good luck,
>
> Geoff
>
> > -----Original Message-----
> > From: Discussion of advanced .NET topics.
> > [mailto:ADVANCED-[EMAIL PROTECTED] On Behalf Of Paul Cowan
> > Sent: 07 February 2007 17:08
> > To: ADVANCED-DOTNET@DISCUSS.DEVELOP.COM
> > Subject: [ADVANCED-DOTNET] AOP and security
> >
> > Hi all,
> > We have an ASP.NET application where users log in under forms
> > authentication. Each user is assigned a role and I want only certain
> > roles to view certain pages.
> >
> > I am really unsure where to put the code for the security and I do not
> > want to hard code the security checks into the code and would somehow
> > like to configure this.
> >
> > Sounds like a job for AOP. I have no experience in this field and was
> > wondering if somebody could help me out? Or if indeed AOP is a good
> > fit for this.
> > Cheers
> >
> > Paul
> > ===================================
> > This list is hosted by DevelopMentor® http://www.develop.com
> >
> > View archives and manage your subscription(s) at
> > http://discuss.develop.com
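
The HttpModule route Geoff mentions (handling the AuthorizeRequest event), as an added example that is not code from the thread or from any of its posters. The class name `PageRoleModule`, the in-code page-to-role map and the `~/admin/reports.aspx` entry are hypothetical; `page1.aspx` and the `members` role are taken from the configuration quoted above.

```csharp
// Added example: PageRoleModule and its page-to-role map are hypothetical,
// not code from the thread.
using System;
using System.Collections.Generic;
using System.Web;

public class PageRoleModule : IHttpModule
{
    // Assumed mapping of app-relative page paths to allowed roles. Paths are
    // compared case-insensitively because IIS treats URLs that way; a
    // case-sensitive lookup would let "~/PAGE1.ASPX" skip the check.
    private static readonly Dictionary<string, string[]> AllowedRoles =
        new Dictionary<string, string[]>(StringComparer.OrdinalIgnoreCase)
        {
            { "~/page1.aspx", new string[] { "members" } },
            { "~/admin/reports.aspx", new string[] { "admins" } } // constructed sample
        };

    public void Init(HttpApplication app)
    {
        // Runs after authentication, so Context.User is already populated.
        app.AuthorizeRequest += OnAuthorizeRequest;
    }

    private static void OnAuthorizeRequest(object sender, EventArgs e)
    {
        HttpContext ctx = ((HttpApplication)sender).Context;
        string[] roles;
        string page = ctx.Request.AppRelativeCurrentExecutionFilePath;
        if (!AllowedRoles.TryGetValue(page, out roles))
            return; // unlisted page: web.config <authorization> rules still apply

        bool signedIn = ctx.User != null && ctx.User.Identity.IsAuthenticated;
        if (signedIn)
            foreach (string role in roles)
                if (ctx.User.IsInRole(role))
                    return; // role matches, let the request continue

        // 401 lets FormsAuthenticationModule redirect to the login page;
        // 403 tells a signed-in user the page is not for their role.
        ctx.Response.StatusCode = signedIn ? 403 : 401;
        ctx.ApplicationInstance.CompleteRequest();
    }

    public void Dispose() { }
}
```

The module is registered under `<system.web><httpModules>` in web.config. `IsInRole` answers from whatever principal was attached to the request during authentication, and loading the map from a configuration section instead of compiling it in keeps the role rules out of the code, as the original question asked.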