Security Scheme Opinions

Status
Not open for further replies.

jfrost10

Programmer
Jun 3, 2001
2,004
CA
Hi guys,

We're beginning a new project, and are in discussions about what a good security scheme would be for an ASP.NET project. We know how to keep users away from jumping to pages via URL, but what's the best way to determine what gets shown on the actual page depending on the user?

Let me know what your experiences are.

Thanks,
Jack
 
Forms authentication is very flexible in controlling access to content but if the website is accessed by external users it requires SSL for protection of passwords and data.
 
Hi Kyle, thanks for the reply.

I guess I should have been more specific. We are going to use SSL for the access. It's more of the internal side of things I was questioning.
I.e.,
Let's say we have a group of pages that deal with accounting. One user should access pages 1 and 2, another should access 2 and 3. What would be the best way to authenticate a user for access to a specific page?
We have two theories right now:
1. Have a whole bunch of security booleans in the user table of our db which the corresponding page would check
2. Have each user be part of a group, and check which style of the page a specific group has access to.

Any other thoughts on how to approach it?

Thanks again,

Jack
 
Jack,
If the users are going to log into the site, you can capture their login credentials in a database. You can set up a permissions table in the database and assign access privileges to users.

For example, an "Admin" or "Restricted" page will require that the user has access to "Restricted" pages. In the db, you can use boolean fields for each type of access and then assign each value a true/false for each user.

You can also create a security class in C# to manage the security as well.

Matt
 
Jack,

I've been hesitant to post this because I haven't had a chance to check it out, but I thought I'd throw out an idea that I would be checking out if I were looking for a way to manage page-level security. I would be using NTFS Access Control Lists (ACLs) for each file. In my case it is easier for us to maintain a list of who has access to each file and grant permissions by user. Our users don't easily fit into groups, but if your users' access lists fit into groups, that will work very well. By using NTFS permissions and ASP.NET built-in security with the Windows built-in authentication option, control is very easy. You use the web.config file to set up Windows authentication in ASP.NET. I think this might work very well but I haven't tested it yet. I think it's pretty straightforward, but if you're interested in it and have any questions I can check it out and help out. Let me know.

Kyle
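
Added illustration, not part of the original thread and not any poster's code: a web.config for the Windows-authentication approach described in the post above, applied to the scenario of one group reaching pages 1 and 2 and another reaching pages 2 and 3. The page paths and the `EXAMPLE\...` group names are assumptions; the `<location>` URL-authorization rules are shown in addition to the NTFS ACLs the post mentions.

```xml
<?xml version="1.0"?>
<!-- Added example. Page paths and EXAMPLE\ group names are hypothetical. -->
<configuration>
  <system.web>
    <!-- Identify callers by their Windows account. With this mode, ASP.NET
         also checks the NTFS ACL of the requested .aspx file against that
         account, so file permissions act as a second gate. -->
    <authentication mode="Windows" />
    <authorization>
      <!-- "?" means anonymous: nobody unauthenticated gets anywhere. -->
      <deny users="?" />
    </authorization>
  </system.web>

  <!-- Rules are read top to bottom and the first match wins, so each page
       lists who is allowed and then closes with deny users="*". -->
  <location path="Accounting/Page1.aspx">
    <system.web>
      <authorization>
        <allow roles="EXAMPLE\AcctGroupA" />
        <deny users="*" />
      </authorization>
    </system.web>
  </location>

  <location path="Accounting/Page2.aspx">
    <system.web>
      <authorization>
        <allow roles="EXAMPLE\AcctGroupA,EXAMPLE\AcctGroupB" />
        <deny users="*" />
      </authorization>
    </system.web>
  </location>

  <location path="Accounting/Page3.aspx">
    <system.web>
      <authorization>
        <allow roles="EXAMPLE\AcctGroupB" />
        <deny users="*" />
      </authorization>
    </system.web>
  </location>
</configuration>
```

Where users do not fit into groups, `<allow users="EXAMPLE\someuser" />` entries take the place of the `roles` attribute, at the cost of editing the file for every access change.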
 