Securing Windows Form Controls In VB.Net 2005

  • Thread starter Thread starter squig9
  • Start date Start date
S

squig9

Hello,
I am am trying to come up with a way of securing controls inside of a
VB.Net 2005 application. I have searched and found information on
Window Security but it all seemed based on ASP.Net. I am looking to
have a user log in and obviously verify the username and password.
Upon successful login, windows buttons located on a main menu would be
enabled based on the user access that logged in. I want to have three
levels of security. One as read only, one that has limited access to
certain forms and another that has full access. I want one user to be
able to access a screen with controls such as text boxes but not be
able to edit them. Is there any good concepts out there on how to
manage this efficiently? Any help would be greatly appreciated.
Thanks, J
 
Hello,
I am am trying to come up with a way of securing controls inside of a
VB.Net 2005 application. I have searched and found information on
Window Security but it all seemed based on ASP.Net. I am looking to
have a user log in and obviously verify the username and password.
Upon successful login, windows buttons located on a main menu would be
enabled based on the user access that logged in. I want to have three
levels of security. One as read only, one that has limited access to
certain forms and another that has full access. I want one user to be
able to access a screen with controls such as text boxes but not be
able to edit them. Is there any good concepts out there on how to
manage this efficiently? Any help would be greatly appreciated.
Thanks, J

Hi,

Typically the easiest way is to use Windows Integrated security. To
use this, set the Thread.ThreadPrincipal to a WindowsPrincipal. You
can create one for the currently logged on user via the
WindowsIdentity.GetCurrent method.
From then on, your application can use the principal's IsInRole method
to see if the user is in a particular role, and hide access to forms
accordingly.

If you can't use integrated (domain) security for some reason, you can
create your own custom Principal and Identity classes, which can
authenticate against a database and load authorization roles from
there as well. This would be similar to asp.net, but there's not any
canned solutions in those regards.

HTH
Andy
 
Back
Top