Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Programming > ASP .Net > ASP .Net Security > Require multiple role membership?

Reply
Thread Tools

Require multiple role membership?

 
 
Arthur Dent
Guest
Posts: n/a
 
      12-10-2004
Is there any way in the web.config "allow roles" authorization section, to
AND the roles together?
Eg. in my app, i have roles Customer, Employee, and Admininstrator. Now,
there could be Admin employees, and Admin Customers, each with access to
different sections.
Is there a way to specifiy that you can only get into the folder "AppAdmin"
if you are in role Employee AND role Administrator?
As ive seen it before, the roles by default only OR together.

Thanks in advance,
- Arthur Dent


 
Reply With Quote
 
 
 
 
Joe Kaplan \(MVP - ADSI\)
Guest
Posts: n/a
 
      12-10-2004
I don't think you can do this via web.config. You could do this
programmatically with IsInRole calls, but that is extra work.

Another way around this might be to create "AND" roles when you do your role
mapping, so that you have a special role like EmployeeANDAdminstrator that
you could then use in web.config.

HTH,

Joe K.

"Arthur Dent" <(E-Mail Removed)> wrote in message
news:%(E-Mail Removed)...
> Is there any way in the web.config "allow roles" authorization section, to
> AND the roles together?
> Eg. in my app, i have roles Customer, Employee, and Admininstrator. Now,
> there could be Admin employees, and Admin Customers, each with access to
> different sections.
> Is there a way to specifiy that you can only get into the folder
> "AppAdmin" if you are in role Employee AND role Administrator?
> As ive seen it before, the roles by default only OR together.
>
> Thanks in advance,
> - Arthur Dent
>



 
Reply With Quote
 
 
 
 
Arthur Dent
Guest
Posts: n/a
 
      12-10-2004
Yeah, thats what im doing at the moment... i have my roles defined in an
enum, and as additional members of the enum i have my combined roles, then i
check those names (i use System.Enum.GetName() to define my role names). Eg.
Enum UserRoles
Employee = 2
Administrator = 4
AdminEmployee = Employee Or Administrator
End Enum

Then in my allow role i add AdminEmployee.

I just thought maybe there was a way to do this without creating combinatory
values like that.
Thanks!


"Joe Kaplan (MVP - ADSI)" <(E-Mail Removed)> wrote
in message news:O9eOf%(E-Mail Removed)...
>I don't think you can do this via web.config. You could do this
>programmatically with IsInRole calls, but that is extra work.
>
> Another way around this might be to create "AND" roles when you do your
> role mapping, so that you have a special role like EmployeeANDAdminstrator
> that you could then use in web.config.
>
> HTH,
>
> Joe K.
>
> "Arthur Dent" <(E-Mail Removed)> wrote in message
> news:%(E-Mail Removed)...
>> Is there any way in the web.config "allow roles" authorization section,
>> to AND the roles together?
>> Eg. in my app, i have roles Customer, Employee, and Admininstrator. Now,
>> there could be Admin employees, and Admin Customers, each with access to
>> different sections.
>> Is there a way to specifiy that you can only get into the folder
>> "AppAdmin" if you are in role Employee AND role Administrator?
>> As ive seen it before, the roles by default only OR together.
>>
>> Thanks in advance,
>> - Arthur Dent
>>

>
>



 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
AzMan Role Based Security vs. ASP.NET Role Based Security Kursat ASP .Net Security 1 05-07-2007 01:33 PM
Role Based Security in multiple projects Ammar Mujeeb via .NET 247 ASP .Net 0 03-07-2005 07:01 PM
Docs? Some Classes Require Administrator Role... clintonG ASP .Net 4 07-15-2004 02:22 PM
Role-Based Security: ACLs and Role Hierarchies Liet Kynes ASP .Net 0 11-26-2003 08:08 AM
Role-based security: Access the role of current user Jesper Stocholm ASP .Net 2 08-23-2003 06:59 PM



Advertisments