Question about Security


Jeff Cope

I'm going to be writing an asp.net application that certain users have
access to specific pages and others don't. User authorization will be
handled within the application via a login page. My question is, what is a
good approach to use to prevent certain users from accessing a page while
allowing others access?

As it stands, I'm planning to use a session variable to first make sure the
user has been logged into the system and second has access to the requested
page. If either case is false, the user would be redirected to the login
page.

Is there a better way to handle this in asp.net?
 
I would suggest deriving all your pages from a custom "BasePage" (that
itself is derived from the standard Page class). Within this base class,
you could expose logic to test the user's security context that is being
tested in your web forms, e.g.

if (!HasPermission(CustomPermission.EditContent))
{
    // show error or whatever
}


The granularity may be chosen depending on your needs:

protected bool IsAdmin();
protected bool HasPermission(CustomPermission permission);
protected bool IsInRole(CustomRole role);



HTH

Philipp
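
The base-page approach from the reply above, written out as an added example (not code from either poster). The session key names, Login.aspx, the 403 response, and every CustomPermission member except EditContent are assumptions made for illustration.

```csharp
using System;
using System.Web.UI;

// Hypothetical permission set; only EditContent appears in the thread.
[Flags]
public enum CustomPermission { None = 0, ViewReports = 1, EditContent = 2, ManageUsers = 4 }

public abstract class BasePage : Page
{
    // Assumed session keys, written by the login page after a successful sign-in.
    private const string UserKey = "UserId";
    private const string PermissionsKey = "Permissions";

    // Abstract, so a new page cannot compile without declaring what it requires.
    protected abstract CustomPermission RequiredPermission { get; }

    protected bool IsLoggedIn() { return Session[UserKey] != null; }

    protected bool HasPermission(CustomPermission permission)
    {
        object granted = Session[PermissionsKey];
        // Missing or malformed session data means "no access" (fail closed).
        return granted is CustomPermission
            && ((CustomPermission)granted & permission) == permission;
    }

    // Runs before any control or event handler of the derived page executes.
    protected override void OnInit(EventArgs e)
    {
        if (!IsLoggedIn())
        {
            // endResponse = true aborts the request, so nothing below runs or renders.
            Response.Redirect("~/Login.aspx", true);
        }
        if (!HasPermission(RequiredPermission))
        {
            // Logged in but not authorised: answer 403 and stop processing.
            Response.StatusCode = 403;
            Response.End();
        }
        base.OnInit(e);
    }
}

// A protected page only names the permission it needs; the check itself is inherited.
public class EditContentPage : BasePage
{
    protected override CustomPermission RequiredPermission { get { return CustomPermission.EditContent; } }
}
```

Because the check lives in OnInit of the base class, it runs on every request to a derived page, including postbacks, and no page-level code has to remember to call it.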
 