Authentication

[Luke Ward]

Hi

So far my application simply requests a user name and password, if user name
and pass match an entry in the database then the page is loaded.
------> FormsAuthentication.RedirectFromLoginPage(txtUserName.Text, false);

For some pages I want to check for a permission level, what is the best way?
I am thinking I need to some how identify pages that require higher
permission levels to the Login.aspx, then Login.aspx can check for a bit
being set in DB or something?

I could use session vars, but was wondering if there is a mechanism built
into .Net?

Any comments welcomed.

Thanks

Luke

 

[Guest]

You can use a tinyint (0-255), and assign varying permission levels. Storing in session is always a good option.

 

[Max Power]

Hi

So far my application simply requests a user name and password, if
user name and pass match an entry in the database then the page is
loaded. ------>
FormsAuthentication.RedirectFromLoginPage(txtUserName.Text, false);

For some pages I want to check for a permission level, what is the
best way? I am thinking I need to some how identify pages that require
higher permission levels to the Login.aspx, then Login.aspx can check
for a bit being set in DB or something?

I could use session vars, but was wondering if there is a mechanism
built into .Net?

Any comments welcomed.

Thanks

Luke

It is always a good idea to check on each page if the user is authentic and
has not just jumped into the middle of the web application (depending on
the application, of course).

 

[NaraendiraKumar R. R.]

Looks like you are asking for page level authorization.

You can write an Http module to handle authorization instead.
http://msdn.microsoft.com/library/en-us/dnnetsec/html/SecNetHT04.asp
http://aspnet.4guysfromrolla.com/articles/082703-1.aspx

-Naraen