username or uid, or your own user tables?

[JJ]

Just wondering what approach you more experienced developers take here:

I am writing a basic cms system to add pages to a site. One function I want
to add is to limit access to a new page on either a role or user basis.

My basic question is:
When assigning permissions in to (for example) a page in a cms, would you
use the built in asp.net username, uid, or create your own user/role tables
and use the relevent unique ID to identify a particular user/role?

I notice cms systems like dotnetnuke etc seem to use their own user
management and not the built in asp.net user management system. I am not
sure whether this is to do with difficulties with using the 'built in' user
tables and obtaining a uid?

Also, if using the built in tables I assume you shouldn't create
relationships with them (and hence alter their structure)?
I'm a bit confused but hopefully you can see my point and what I'm trying to
say here :-\

JJ

 

[sloan]

Other than basic additions ( address , work phone number , etc)....
if you're doing a 2.0 project, you might want :
To implement a membership provider, you create a class that inherits the
MembershipProvider abstract class from the System.Web.Security namespace

See
http://msdn2.microsoft.com/en-us/library/f1kyba5e.aspx

http://www.devx.com/asp/Article/29256/0/page/3

http://www.15seconds.com/issue/050216.htm


That's membership. There's also a RoleProvider abstract class you can
implement.


Its not hard, but the devil is in the details.

 

[JJ]

I'm still a bit confused (sorry - new to this area).

My membership provider currently uses SQL server and saves all information
to the tables that are set up by running:
aspnet_regsql.exe.

I'm not sure that I need to actually store this information in the
'users'/'roles' membership tables - I would have thought that each page
(i.e. an entry in the pages table) will need a related permissions table
with the usernames/uid's or roles/roleid's of each user (or role) who can
access that page.

If that is the case, then my questions are:
(i) Am I 'allowed' to create a relation with the aspnet_users table in order
to get the uid (or should I just look it up when necessary)
(ii) How to you get the uid/roleid of a logged in user?
(iii) Is it ok to allow users to add/delete roles to the aspnet_roles table,
provided you hide the previously created admin/editor/etc priveledged roles?

Hope that makes sense,

JJ