Access Control System

Status
Not open for further replies.

sonya9879

Programmer
Jun 18, 2004
147
CA
Hi,

I am building an access control system and I am storing all user permissions and groups in SQL Server. My site has many different sections and each user may or may not have access to one of those sections, and within that section I will have another layer of permissions, i.e. read access/write access etc.

As I will need to be checking the user's rights in every single part of the site, I am thinking about what's the best approach to achieve this. I do not want to end up creating a procedure in every single section. I would like to have a single place where I can call the access control code and verify and retrieve the appropriate permissions and rights.
Should I be writing this procedure in the global.asax file and use session variables to store the permissions for the user so I can call that from anywhere in the site?

Thanks for your thoughts
 
I would perform an SP call once in the page that authenticates the user. Then store the necessary permissions in session variables.
 
Thanks jbenson001, so session variables are the way to go then?
 
Using session variables seems to be a good suggestion for this scenario, as the function will only need to be called once (when the user logs in), but the details of the login (i.e. what they have access to) will be available from any page via the session. What I would do, though, is create a class to hold all of the details and store the instance of the class in the session.



 
Thanks ca8msm, that sounds like an interesting approach. You wouldn't know a place where I could find a sample of a class?
 
If it's at all possible to make your system roles-based, you can stuff the roles into a Forms Authentication Ticket (which is sort of the ASP.NET way of doing it), or for something more robust or unorthodox, create an IPrincipal object.

With the above two approaches, you can configure security easily through web.config or have more granular control by checking .IsInRole() on the page (which can be accomplished by means of a base page class which all the pages can inherit from such that they all implement the base page's security model).

This may be a goldmine for you:

 
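The role-based approach from the last reply, as an added example that is not code from the thread or from any of its participants: roles are read from SQL Server once at login, carried in the encrypted forms authentication ticket, rebuilt into a principal on each request in global.asax, and checked in a base page. The names RoleTicket, SecuredPage and RequiredRole, the `|` separator and the 30-minute lifetime are assumptions made for illustration.

```csharp
using System;
using System.Security.Principal;
using System.Web;
using System.Web.Security;
using System.Web.UI;

// Hypothetical helper: call once from the login page, after the password check
// and after the caller has loaded the user's roles from SQL Server.
public static class RoleTicket
{
    public static void Issue(HttpResponse response, string userName, string[] roles)
    {
        // Role names must not contain '|' (assumed separator). Keep the list
        // short: the whole ticket has to fit in a single cookie.
        var ticket = new FormsAuthenticationTicket(
            1, userName, DateTime.Now, DateTime.Now.AddMinutes(30),
            false, string.Join("|", roles), FormsAuthentication.FormsCookiePath);
        // Encrypt() protects the ticket according to the <forms protection> setting.
        var cookie = new HttpCookie(FormsAuthentication.FormsCookieName,
                                    FormsAuthentication.Encrypt(ticket));
        cookie.HttpOnly = true;
        cookie.Secure = FormsAuthentication.RequireSSL;
        response.Cookies.Add(cookie);
    }
}

// Global.asax.cs: turn the ticket's UserData back into roles on every request.
public class Global : HttpApplication
{
    protected void Application_AuthenticateRequest(object sender, EventArgs e)
    {
        var identity = Context.User == null ? null : Context.User.Identity as FormsIdentity;
        if (identity == null) return;   // anonymous request or no valid ticket
        string[] roles = identity.Ticket.UserData.Split('|');
        Context.User = new GenericPrincipal(identity, roles);
    }
}

// Base page: each section's pages inherit from it and name the role they need.
public abstract class SecuredPage : Page
{
    protected abstract string RequiredRole { get; }
    protected override void OnInit(EventArgs e)
    {
        // Deny by default: stop before any page logic runs.
        if (!User.IsInRole(RequiredRole)) { Response.StatusCode = 403; Response.End(); }
        base.OnInit(e);
    }
}
```

Roles stored this way stay in effect until the ticket expires, so a permission revoked in SQL Server is still honoured for up to the ticket lifetime; keep that lifetime short or re-check the database for sensitive actions.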