hi,
 
We are using FormsAuthentication which I know is still possible but I really do 
not want not want to have to create a seperate database to store the roles 
information.  That is I do not want to create the aspnetdb.
 
Is it possible to use this approach without using the aspnetdb?
Cheers
[EMAIL PROTECTED]



> Date: Wed, 7 Feb 2007 10:02:39 -0800> From: [EMAIL PROTECTED]> Subject: Re: 
> [ADVANCED-DOTNET] AOP and security> To: ADVANCED-DOTNET@DISCUSS.DEVELOP.COM> 
> > You can use a <location path=""> directive to apply at the page level as 
> well. For example:> > <location path="page1.aspx">> > <system.web>> 
> <authorization>> <allow roles="members" />> <deny users="*" />> 
> </authorization>> </system.web>> > </location>> > Note that the location 
> directive can be used for any configuration setting in web.config files.> > 
> BTW -- this tutorial of mine covers using Role Based Authorization and 
> security trimming with windows auth and might be useful to look at: 
> http://weblogs.asp.net/scottgu/archive/2006/07/23/Recipe_3A00_-Implementing-Role-Based-Security-with-ASP.NET-using-Windows-Authentication-and-SQL-Server.aspx>
>  > Thanks,> > Scott> > -----Original Message-----> From: Discussion of 
> advanced .NET topics. [mailto:[EMAIL PROTECTED] On Behalf Of Phil Sayers> 
> Sent: Wednesday, February 07, 2007 9:47 AM> To: 
> ADVANCED-DOTNET@DISCUSS.DEVELOP.COM> Subject: Re: [ADVANCED-DOTNET] AOP and 
> security> > i originally did not suggest using the built in stuff because 
> depending on> how the security will be used to answer the question "can this 
> user look at> this page?"... you could end up with a fairly ugly set of 
> folders &> subfolders...and maybe even duplicating the same page across many 
> subfolders> to accommodate the various user accounts.> > but yes, i've 
> recently done a website using the built in stuff....very slick> and easy to 
> use.... but from my "limited" experience, you can only apply the> "this role 
> can access these items" at the folder/subfolder level, not the> individual 
> page level, so you have to have some fairly clean deliniation> between 
> groupings of pages and how that lines up to the various security> roles you 
> define.> > > > -----Original Message-----> From: Discussion of advanced .NET 
> topics.> [mailto:[EMAIL PROTECTED] Behalf Of Geoff Taylor> Sent: Wednesday, 
> February 07, 2007 12:33 PM> To: ADVANCED-DOTNET@DISCUSS.DEVELOP.COM> Subject: 
> Re: [ADVANCED-DOTNET] AOP and security> > > OK, I'll bite. What's wrong with 
> the built-in configurability of role> security?> 
> http://msdn2.microsoft.com/en-us/library/5k850zwb(VS.80).aspx> > With that 
> you can specify the allowed/denied roles for a page or subfolder,> using 
> multiple <location> tags:> <configuration>> <location path="memberPages">> 
> <system.web>> <authorization>> <allow roles="members" />> <deny users="*" />> 
> </authorization>> </system.web>> </location>> <!-- other configuration 
> settings here -->> <configuration>> > You can have as many of those location 
> sections as you need. That would> keep the entire configuration of the role 
> security out of the code.> > (OK, in the past I've found it horribly flaky if 
> the specified target is> virtual one rather than an actual file that exists 
> on the filesystem - I> don't know if that's improved in .NET 2.0. But apart 
> from that, it's simple> and configurable.)> > Failing that, as Phil says, 
> HttpApplication events are probably the answer.> You can either do the 
> Global.asax thing, or implement your own HttpModule.> The AuthorizeRequest 
> event may be the one you want - I've used it in the> past and can send you 
> some code off-list if you want.> > Good luck,> > Geoff> > > -----Original 
> Message-----> > From: Discussion of advanced .NET topics. [mailto:ADVANCED-> 
> > [EMAIL PROTECTED] On Behalf Of Paul Cowan> > Sent: 07 February 2007 17:08> 
> > To: ADVANCED-DOTNET@DISCUSS.DEVELOP.COM> > Subject: [ADVANCED-DOTNET] AOP 
> and security> >> > Hi all,> > We have an ASP.NET application where users log 
> in under forms> > authentication. Each user is assigned a role and I want 
> only certain> > roles to view certain pages.> >> > I am really unsure where 
> to put the code for the security and I do not> > want to hard code the 
> security checks into the code and would somehow> > like to configure this.> 
> >> > Sounds like a job for AOP. I have no experience in this field and was> > 
> wondering if somebody could help me out? Or if indeed AOP is a good> > fit 
> for this.> > Cheers> >> > Paul> > ===================================> > This 
> list is hosted by DevelopMentorR http://www.develop.com> >> > View archives 
> and manage your subscription(s) at> > http://discuss.develop.com> > 
> ===================================> This list is hosted by DevelopMentor. 
> http://www.develop.com> > View archives and manage your subscription(s) at 
> http://discuss.develop.com> > ===================================> This list 
> is hosted by DevelopMentor? http://www.develop.com> > View archives and 
> manage your subscription(s) at http://discuss.develop.com> > 
> ===================================> This list is hosted by DevelopMentorĀ® 
> http://www.develop.com> > View archives and manage your subscription(s) at 
> http://discuss.develop.com
===================================
This list is hosted by DevelopMentorĀ®  http://www.develop.com

View archives and manage your subscription(s) at http://discuss.develop.com

Reply via email to