"Pattern" or "best practice" in security checks
I'm developing an ASP.NET CRUD application where I need to do some
authorization checks on certain actions. E.g. some accounts have access to
delete in a certain datagrid and some do not. So I have to be more detailed
than at page level; rather, at component level.
This ends up, as I see it now, in a lot of checks in the different events
involved. Further, I have to adjust the view so that they actually can't
delete in a certain datagrid. This is of course not secure enough, so
therefore the checks in the events.
This just sounds like a plain nightmare to maintain and develop. Do you
have a clever suggestion for this issue? I guess it's not the first time this
has come up.
To summarize: I want to avoid this.
private void datagrid_DeleteCommand(object source, DataGridCommandEventArgs e) {
    // Role check written inline in the event handler
    if (User.IsInRole("Admin") || User.IsInRole("Developer")) {
        long currentid = Int64.Parse(((Label)e.Item.FindControl("lblid")).Text);
    }
}
Thanks in regards
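
Added example, not part of the original post: one way to keep the per-component rules in a single place, so that the view and the event handlers consult the same table and the server-side check stays the real control. `ActionPolicy`, the action names and the "Editor" and "Reader" roles are assumptions made for illustration.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Security;
using System.Security.Principal;

// Hypothetical helper: one table maps "component.action" to the roles allowed
// to perform it, so handlers and view code share a single source of truth.
public static class ActionPolicy
{
    private static readonly Dictionary<string, string[]> Allowed =
        new Dictionary<string, string[]>(StringComparer.OrdinalIgnoreCase)
        {
            // Constructed sample entries; "Admin" and "Developer" come from the post.
            { "datagrid.Delete", new[] { "Admin", "Developer" } },
            { "datagrid.Edit",   new[] { "Admin", "Developer", "Editor" } },
        };

    // Used by the view (e.g. to hide a Delete column). Unknown actions are denied.
    public static bool IsAllowed(IPrincipal user, string action)
    {
        string[] roles;
        if (user == null || user.Identity == null || !user.Identity.IsAuthenticated) return false;
        if (!Allowed.TryGetValue(action, out roles)) return false;
        return roles.Any(user.IsInRole);
    }

    // Called first in every event handler: hiding a button is cosmetic,
    // this server-side check is what actually enforces the rule.
    public static void Demand(IPrincipal user, string action)
    {
        if (!IsAllowed(user, action))
            throw new SecurityException("Not authorized for " + action);
    }
}

public static class Demo
{
    public static void Main()
    {
        var admin = new GenericPrincipal(new GenericIdentity("alice"), new[] { "Admin" });
        var guest = new GenericPrincipal(new GenericIdentity("bob"), new[] { "Reader" });
        Console.WriteLine(ActionPolicy.IsAllowed(admin, "datagrid.Delete"));
        Console.WriteLine(ActionPolicy.IsAllowed(guest, "datagrid.Delete"));
        Console.WriteLine(ActionPolicy.IsAllowed(admin, "datagrid.Purge"));
        try { ActionPolicy.Demand(guest, "datagrid.Delete"); }
        catch (SecurityException ex) { Console.WriteLine(ex.Message); }
    }
}
```

In a page, the handler would start with `ActionPolicy.Demand(User, "datagrid.Delete")` and the view would use `ActionPolicy.IsAllowed(User, "datagrid.Delete")` to decide whether to show the delete control.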