
ASP.NET 1.1 Security/Privilege ?

Status
Not open for further replies.

adddeveloper

Programmer
Dec 16, 2006
43
US
We have an application with about 400 users. The way the user authenticates is via a government security card password, and each user has their own unique number...not their SSN, but like that...unique to each individual. When the user enters the application, they are all stamped as "webuser" so the DBA can see what's happening.

What we'd like to do is limit some users to "Read Only" access. We store each individual's unique number in a table so we know what database on the server they have access to, but I was wondering if via Principal or Identity I can limit them to "Select" statement against the db.....and not allow Insert/Update/Delete commands. We can put a flag in the same table which stores their name, and write a module to look for the flag....and exit the routine for a datagrid delete/update or a button which updates the db...but that means for the 20+ pages we have, and probably 10 places on each page....a lot of code.

Any ideas are welcome!

Thanks!
 
That's going to be a tricky one. Those types of access levels are better handled by SQL Server itself. I think you're on the right track with your idea. You will have to group the users, then before running any type of SQL statements simply check the group first, then if OK run the statement, if not exit the sub. If you're using Active Directory, you may be able to do something with grouping there. I think no matter what, you're going to have to write some code.

 
Thanks dvannoy!

Since the users aren't really stamped with their WIN accounts when they log into the application, that's when I was thinking the code route was going to have to happen...thanks!

It'll be a bit intensive, and we'll have to cover our tracks, but I think the users will appreciate it, and we can start marking users on the fly as "Read Only" if need be.
 
Just my 2 cents. Create a roles table, so if the user clicks the update button you check their roles to see if they have access to update or not. Or based on the roles when they come to the page the update button etc. are disabled.

Additionally you can create an admin page so the admin can change the roles of users etc.
 
kss444,

Good points. Always like to get the most ideas possible...thanks for chiming in!
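
An added example, not part of the thread: one way to combine the flag/roles-table idea with the Principal the original poster asked about, so the read-only check lives in a single data-access method instead of in every page handler. `RoleGate`, `Db`, the `ReadOnly` role name and the `isReadOnly` parameter are hypothetical names, and the sketch assumes every INSERT/UPDATE/DELETE in the application is routed through `Db.ExecuteWrite`.

```csharp
// Added example, not code from the thread. Sticks to .NET 1.1 features (no generics).
using System;
using System.Data.SqlClient;
using System.Security;
using System.Security.Principal;
using System.Web;

public class RoleGate
{
    public const string ReadOnlyRole = "ReadOnly";   // assumed role name

    // Call from Application_AuthenticateRequest in Global.asax once the card
    // login has produced the user's unique number. isReadOnly is the flag the
    // thread proposes storing in the existing user table (lookup not shown).
    public static void AttachPrincipal(HttpContext ctx, string uniqueNumber, bool isReadOnly)
    {
        string[] roles = isReadOnly ? new string[] { ReadOnlyRole } : new string[0];
        ctx.User = new GenericPrincipal(new GenericIdentity(uniqueNumber), roles);
    }

    // True only for an authenticated user who is not flagged read-only.
    // A missing principal or an empty identity name is treated as "no write".
    public static bool CanWrite(IPrincipal user)
    {
        return user != null
            && user.Identity.IsAuthenticated
            && !user.IsInRole(ReadOnlyRole);
    }
}

public class Db
{
    // Single choke point for data-changing commands (assumption: pages and
    // DataGrid handlers call this instead of cmd.ExecuteNonQuery directly).
    public static int ExecuteWrite(SqlCommand cmd)
    {
        IPrincipal user = HttpContext.Current != null ? HttpContext.Current.User : null;
        if (!RoleGate.CanWrite(user))
            throw new SecurityException("Write denied: account is read-only or not authenticated.");
        return cmd.ExecuteNonQuery();
    }
}
```

Pages can call `RoleGate.CanWrite(User)` to hide or disable update buttons as suggested above, but the check inside `ExecuteWrite` is what actually enforces the restriction, since a disabled button does not stop a crafted postback.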
 