«

Hi

I work for a company that has user and user roles in the database and a
very, very complicated long list of rules on how to let a person see the data
from a page or control. My question is I want to re-write the security object
and I am looking for suggestions as to what the best way to do this would be.

Any suggestions?

Hello seal,

What do you mean with Security Object??


---------------------------------------
Dominick Baier - DevelopMentor
http://www.leastprivilege.com

> Hi
>
> I work for a company that has user and user roles in the database and
> a very, very complicated long list of rules on how to let a person see
> the data from a page or control. My question is I want to re-write the
> security object and I am looking for suggestions as to what the best
> way to do this would be.
>
> Any suggestions?
>

Hi Dominick

Thanks for the response. By Secutiy Object, I mean my own dll that will
handle the decision that a particular client that is part of a particular
group (defined by us, in this case lets say a data_entry user vs. an
administrator user) can or cannot see data on a page. We need to restrict
some users to only see their clients and others can see their clients as well
as clients that they have what we call a partnership with. I was going down
the path of creating my own custom object that would use the IPrincipal
interface and each page in our database would have a particular role assiged
to it, so that if a user does not match the role he would be re-directed to a
page that politely tells him he cannot see this clients data. Make any sense?

"Dominick Baier [DevelopMentor]" wrote:

> Hello seal,
>
> What do you mean with Security Object??
>
>
> ---------------------------------------
> Dominick Baier - DevelopMentor
> http://www.leastprivilege.com
>
> > Hi
> >
> > I work for a company that has user and user roles in the database and
> > a very, very complicated long list of rules on how to let a person see
> > the data from a page or control. My question is I want to re-write the
> > security object and I am looking for suggestions as to what the best
> > way to do this would be.
> >
> > Any suggestions?
> >
>
>
>
>

Hello seal,

so if it all boils down to groups - IPrincipal is the perfect place - you
may not even have to create your own implementation, just couple the user
with your application roles in Application_AuthenticateRequest.

i have a sample which may get you started:
http://www.leastprivilege.com/PermaL...0-bc8cfbec4c3a

---------------------------------------
Dominick Baier - DevelopMentor
http://www.leastprivilege.com

> Hi Dominick
>
> Thanks for the response. By Secutiy Object, I mean my own dll that
> will handle the decision that a particular client that is part of a
> particular group (defined by us, in this case lets say a data_entry
> user vs. an administrator user) can or cannot see data on a page. We
> need to restrict some users to only see their clients and others can
> see their clients as well as clients that they have what we call a
> partnership with. I was going down the path of creating my own custom
> object that would use the IPrincipal interface and each page in our
> database would have a particular role assiged to it, so that if a user
> does not match the role he would be re-directed to a page that
> politely tells him he cannot see this clients data. Make any sense?
>
> "Dominick Baier [DevelopMentor]" wrote:
>
>> Hello seal,
>>
>> What do you mean with Security Object??
>>
>> ---------------------------------------
>> Dominick Baier - DevelopMentor
>> http://www.leastprivilege.com
>>> Hi
>>>
>>> I work for a company that has user and user roles in the database
>>> and a very, very complicated long list of rules on how to let a
>>> person see the data from a page or control. My question is I want to
>>> re-write the security object and I am looking for suggestions as to
>>> what the best way to do this would be.
>>>
>>> Any suggestions?
>>>

Dominick

Thank you for taking the time to respond, I feel better knowing that I was
going down the right path. Thanks for the examples as well.



"Dominick Baier [DevelopMentor]" wrote:

> Hello seal,
>
> so if it all boils down to groups - IPrincipal is the perfect place - you
> may not even have to create your own implementation, just couple the user
> with your application roles in Application_AuthenticateRequest.
>
> i have a sample which may get you started:
> http://www.leastprivilege.com/PermaL...0-bc8cfbec4c3a
>
> ---------------------------------------
> Dominick Baier - DevelopMentor
> http://www.leastprivilege.com
>
> > Hi Dominick
> >
> > Thanks for the response. By Secutiy Object, I mean my own dll that
> > will handle the decision that a particular client that is part of a
> > particular group (defined by us, in this case lets say a data_entry
> > user vs. an administrator user) can or cannot see data on a page. We
> > need to restrict some users to only see their clients and others can
> > see their clients as well as clients that they have what we call a
> > partnership with. I was going down the path of creating my own custom
> > object that would use the IPrincipal interface and each page in our
> > database would have a particular role assiged to it, so that if a user
> > does not match the role he would be re-directed to a page that
> > politely tells him he cannot see this clients data. Make any sense?
> >
> > "Dominick Baier [DevelopMentor]" wrote:
> >
> >> Hello seal,
> >>
> >> What do you mean with Security Object??
> >>
> >> ---------------------------------------
> >> Dominick Baier - DevelopMentor
> >> http://www.leastprivilege.com
> >>> Hi
> >>>
> >>> I work for a company that has user and user roles in the database
> >>> and a very, very complicated long list of rules on how to let a
> >>> person see the data from a page or control. My question is I want to
> >>> re-write the security object and I am looking for suggestions as to
> >>> what the best way to do this would be.
> >>>
> >>> Any suggestions?
> >>>
>
>
>
>