Security roles

[Andrew Banks]

Can anyone point me in the direction of a good tutorial/guido using security
roles with forms authentication in C#

I have an admin section to my website and would like two levels of admin.

I'm currently detecting a filed in the DB and if the user doesn't have full
access rights, I hide the links to certain sections. Far from secure as they
could still type te URL of the page and get direct access.

Thanks in advance

 

[Guest]

You may want to check out some of the starter kits on ASP.NET. The time tracker kit is a good example of what you are asking.

 

[Mary Chipman]

The asp.net security best practices whitepaper is a good resource--it
discusses all aspects of securing your app:
http://www.microsoft.com/downloads/release.asp?ReleaseID=44047
The threats and countermeasures paper may also be helpful:
http://msdn.microsoft.com/asp.net/default.aspx?pull=/library/en-us/dnnetsec/html/threatcounter.asp

-- Mary
MCW Technologies
http://www.mcwtech.com