Velocity Reviews


Anders K. Jacobsen [DK] 12-05-2004 07:31 PM

"Pattern" or "best practice" in security checks
 
Hi

I'm developing an ASP.NET CRUD application where I need to do some
authorization checks on certain actions. E.g. some accounts have access to
delete in a certain datagrid and some have not. So I have to be more detailed
than on page level. Rather component level.

This ends up, as I see now, in a lot of checks in the different involved
events. Further I have to adjust the view so that they actually can't delete in a
certain datagrid. This is of course not secure enough, so therefore the checks
in the events.

This just sounds like a plain nightmare to maintain and develop. Do you
have a clever suggestion to this issue? I guess it's not the first time this
has come up.

To summarize: I want to avoid this.

    private void datagrid_DeleteCommand(object source, DataGridCommandEventArgs e)
    {
        // Role check repeated inside the event handler
        if (User.IsInRole("Admin") || User.IsInRole("Developer"))
        {
            long currentid = Int64.Parse(((Label)e.Item.FindControl("lblid")).Text);
            _Service.DeleteItem(currentid);
            Databind_datagrid();
        }
    }

Thanks in regards
Anders, Denmark



