Role Based Security

[sean]

HI There,

I have created 3 tables in my application tblUsers, tblRoles,tblGroups, when
I perform a login and execute a store pocedure I return the user role for
example "administrators". I would like to restrict access to some of the
pages according to user role returned.

Could someone provide me with a code snippet?

Sean - thanks in advance

 

[William Ryan eMVP]

Hi Sean:

If I understand correctly, I think you could go with something like this...

In your app create a role on the db that corresponds to each one you have
stored. Then, once the query returns (you can use a general access account
for this) you could have a connection string built for each role, and based
on who it is, just use it. Based on the permissions, the db will lock them
out based on the connection string. However, this sounds like more of a UI
than a security issue per se in that if they aren't of the role you don't
even probably want them seeing it and being told they aren't allowed. If
that's the case, then set a static property in a security class that you
query at the onset of the app. Based on that you can make menu options
disappear/disabled etc.

HTH,

Bill

www.devbuzz.com
www.knowdotnet.com

 

[sean]

HI Bill,

Do you have any examples? I have had a look out on some sites but have not
found what I have been looking for.

sean