Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations Mike Lewis on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Displaying Links depending on user privileges

Status
Not open for further replies.
M8KWR

M8KWR

Programmer
Aug 18, 2004
864
0
0
GB
I am very new to asp, so please bare with me.

I am trying to create a simmple site, with a user login page.

The user have certain privileges (to what pages they are able to go to).

I have create a master page, i would like to have a number of links (these connected to the style sheet i have created), so example Page1 / Page2 / Page3 etc

But cetain users i would not want to see Page2, how would i go about this.

If its any helps i am using vb code (or that may be no help at all).

In essence i am just trying to control what the users is seeing on the pages, depending on their user.

Many thanks for any help and advice in advance.
 
Sort by date Sort by votes
That's easy enough... done it many times.

Essentially, you can do it with IF statements.

If UserLevel > 3 then
Response.write "The link goes here..."
Else

... something along those lines.



Just my 2¢
-Cole's Law: Shredded cabbage

--Greg
 
Upvote 0 Downvote
But if am a user and I see

Page 1 / Page 3 / Page 4 ....


with a URLs like

You can rest assured the next thing I'm typing is

My point is that merely hiding them (security through obscurity) won't keep users out of them.

One approach might be on login to set a session variable that would be checked on the load of any page. If the session variable value is acceptable the page loads, otherwise the user is unauthorized.

If you have multiple users and multiple passwords, are you storing them in a database? How are you working your login?
 
Upvote 0 Downvote
You can rest assured the next thing I'm typing is
www.mysite.com/page2.asp
Click to expand...

While that may be true, it should be assumed that each (and every) page starts with a security check. If the user does not have the appropriate privileges to view a page, then you should re-direct them to another page explaining the problem.

Additionally... you could name your pages something more interestings (other than Page 1, Page 2, etc...) Something like.... Details.asp, ContactInformation.asp, SalaryHistory.asp

Then, if you don't want some users visiting the SalaryHistory page, don't show the link. You may guess Page2.asp if you see a page1 and a page 3, but would you guess SalaryHistory.asp ?



-George

"The great things about standards is that there are so many to choose from." - Fortune Cookie Wisdom
 
Upvote 0 Downvote
george said:
While that may be true, it should be assumed that each (and every) page starts with a security check. If the user does not have the appropriate privileges to view a page, then you should re-direct them to another page explaining the problem.
Click to expand...

me said:
One approach might be on login to set a session variable that would be checked on the load of any page. If the session variable value is acceptable the page loads, otherwise the user is unauthorized.
Click to expand...

Cool, I had that part right. Still learning.
 
Upvote 0 Downvote
Many thanks,

I am using session variables, to make sure a certain user of the system is able to view that page and if not then re-direct them to a page explained why.

My main reason i did not want to show button/links etcs if the user was not able to use them in the first place.

It would annoy me as a user if i was able to click on something but kept getting an error explaining you did not have permission to view this page.

I have worked out something with link buttons, so on the page load it will hide them if the user is unable to go to that certain link - hopefully this should do the trick.

Completely valid point about naming pages, i was only using Page1,2,3, etc as an example.

The usernames and password as stored in an sql database, i have got my own encryption, which checks to see if the user exists or not.

Against the system i have a group policies, obviously with members(users), this will determine what the user is able to do within the system, such as edit/delete/add records in certain area of the system. In addition to this I have got database group policies. So if a user hasn't got one setup it defaults to the system one.

This just gives more flexibility that a user could have different permissions over 2 databases; without having to create 2 user accounts - or this is how i feel it should work anyway :)

Many thanks for all of yoru advice.
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

leifoet
  • Locked
  • Question
First execute an input command and only then proceed with displaying the next record of the table
Replies
0
Views
116
leifoet
leifoet
penguinspeaks
  • Locked
  • Question
READ TEXT FILE BASED ON VARIABLE 1
Replies
2
Views
150
guitarzan
guitarzan
penguinspeaks
  • Locked
  • Question
Return to current location on page after asp processes.
Replies
2
Views
167
penguinspeaks
penguinspeaks
JScannell
  • Locked
  • Question
Border issue with Google Chrome on an Android phone
Replies
0
Views
146
JScannell
JScannell
penguinspeaks
  • Locked
  • Question
iis woos (not displaying pages correctly)
Replies
1
Views
145
penguinspeaks
penguinspeaks

Part and Inventory Search

Sponsor

Back
Top