User's validations

[technisup]

Hi, I need to do something with ASP.Net, I have users that are going to have 3 different kins of roles/profiles: Administrators, Salesman and Responsibles. According to each one of these user will have access or not to some pages and/or delete, add, modify data from the db.

The question would be: is it much better to build a customized table in the db due to i need to work with this info from another tables and do reports, or, use the ASP.Net configuration option?
Either the answer, can u help me with some examples or web pages with this?

Thanks in advance for the help.

 

[jmeckley]

if you're using the tranditional webform medthodology then I would go with web.config and configure the authorization/authenticaiton. Create a practical directory structure to simplify the security setup.

As for loading the User/roles. Create a login page and use the GenericIdentity/Principle objects to set the username and roles.

Google "web.config authorization", "web.config authentication", system.security.principal, system.security.IIdentity, system.security.generic principle and other variations for more details.

if you're using some form of MVP/MVC then you could use the presenter/controller to control security. (I personally like attributes on my controllers for this). If this paragraph doesn't make sense, then the previous paragraph is the way to go.



Jason Meckley
Programmer
Specialty Bakers, Inc.