Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Programming > ASP .Net > ASP .Net Security > Dynamic page security authorization?

Reply
Thread Tools

Dynamic page security authorization?

 
 
Craig Vedur
Guest
Posts: n/a
 
      08-30-2005
Hey,

My client wants to implement some sort of dynamic location role-based
security rule for a web app. Normally, in my web.config, I define the
location authorization rules such as:

<location path="WebForm.aspx">
<system.web>
<authorization><allow roles="Employee" /></authorization>
</system.web>
</location>

However, he wants to build an admin page that will keep track of pages and
role access in a database.

How can you implement this sort of 'dynmaic page authorization'? Obviously,
I can't define the rules in the web.config anymore.

Anybody have any ideas? Is it possible to add these rules at runtime?
Thanks
 
Reply With Quote
 
 
 
 
Pat
Guest
Posts: n/a
 
      08-31-2005
Craig you could have a folder called Admin and under the Admin folder add
the neccesary (aspx)files you want to protect.
And later apply the neccesary Authorization.
Hope that helps
Look at this article at:- http://dotnetbips.com/displayarticle.aspx?id=117
Patrick


"Craig Vedur" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> Hey,
>
> My client wants to implement some sort of dynamic location role-based
> security rule for a web app. Normally, in my web.config, I define the
> location authorization rules such as:
>
> <location path="WebForm.aspx">
> <system.web>
> <authorization><allow roles="Employee" /></authorization>
> </system.web>
> </location>
>
> However, he wants to build an admin page that will keep track of pages and
> role access in a database.
>
> How can you implement this sort of 'dynmaic page authorization'?

Obviously,
> I can't define the rules in the web.config anymore.
>
> Anybody have any ideas? Is it possible to add these rules at runtime?
> Thanks



 
Reply With Quote
 
 
 
 
Dominick Baier [DevelopMentor]
Guest
Posts: n/a
 
      08-31-2005
Hello Craig,

the Authorize_Request event in the HttpPipeline is what you are looking for.
Here you get information like the identity of the user, his role memberships
and the requested resource. You can dynamically determine if the use is authorized
and cancel the request/pass back 401 if you like.

---------------------------------------
Dominick Baier - DevelopMentor
http://www.leastprivilege.com

> Hey,
>
> My client wants to implement some sort of dynamic location role-based
> security rule for a web app. Normally, in my web.config, I define the
> location authorization rules such as:
>
> <location path="WebForm.aspx">
> <system.web>
> <authorization><allow roles="Employee" /></authorization>
> </system.web>
> </location>
> However, he wants to build an admin page that will keep track of pages
> and role access in a database.
>
> How can you implement this sort of 'dynmaic page authorization'?
> Obviously, I can't define the rules in the web.config anymore.
>
> Anybody have any ideas? Is it possible to add these rules at runtime?
> Thanks




 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
ASP.NET Master Page & Dynamic Page Title Chris Walls ASP .Net 8 07-25-2007 05:38 PM
Creating multi-page dynamic page in ASP.NET Vadim Vulfov ASP .Net 3 06-02-2005 01:13 PM
Dynamic control on aspx page, dynamic location Chris Thunell ASP .Net 3 07-21-2004 04:52 PM
Dynamic page generation page examples? Stephen Walch ASP .Net 0 10-06-2003 04:43 PM
IT-Security, Security, e-security COMSOLIT Messmer Computer Support 0 09-05-2003 08:34 AM



Advertisments