How do I check for user roles?

[RichieMac]

Hi all,

I have written a simple login screen. I have an Access datbase that holds 3 fields - Username, Password and Role. I can authenticate the user but what I now want to do is only carry out the required behaviour corresponding to the role(s) the user has. i.e. if the user has a role of manager then he/she can only behave as the system says a manager should.

I know there is a way to use the Windows account but have no idea how this would work and if it would be benificial to my simple solution.

If there is anyone out there that can point me in the right direction, because I'm totally new to these security issues, I would be very grateful.

Thank you in advance.
Richie

 

[Nelviticus]

Are you using ASP.Net or Windows forms? I belive they work somewhat differently. I've only ever done this in ASP.Net but in Wondows forms I think you can use a WindowsIdentity class from System.Security.Principal. You use the GetCurrent() method to return a WindowsIdentity object for the current user which you can then work with.

In ASP.Net Page.User has an IsInRole() method.

Nelviticus

 

[RichieMac]

Hi Nel,

No I'm not using ASP. I'll look into the WindowsIdentity object and see what I come up with.

Thanks for the pointer.

Richie