Hi

I want to make a very simple CMS for my sites. So what I am thinking is this: a user logs in and a list of their pages shows up. Now they change their ends and save it. My C# code would then write over the file/section.

So I don't think it would be too bad to do this; however, I am not sure about how it works with read and write permission and how to set it up.

Like, I want the user to only be able to read and write to the files they own.

So if User A has Page1.html and Page2.html they can only read those files and write to those files they can touch User B's page3.html and Page4.html

So how would I set this up?

Thanks

+1  A: 

When you create your list of files, you will be reading that list from a database repository. Include in that code conditions that allow only those records for which the user has permission.

The most straightforward way to do this is to create a table with two columns: UserID and DocumentID. The presence of a record in the table indicates that the user has permission to that particular document. Add records to this table that give the user permissions to the appropriate documents.

Then, when you read the documents from the database, you can join this table to the documents table via the DocumentID, and filter the table by UserID. This will return only those records for which the user has permission. You can then use that set of records as the basis for the list of documents that you display to the user.

Robert Harvey
To add, if a user attempts to 'read/edit' another user's file via, say, a URL or hacked postback, you will have to explicitly deny the access in your code by always checking the user and the requested file/document.
o.k.w
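
The permission table from the answer above, together with the per-request check from the comment, as an added example that is not part of the original posts. It uses Python with an in-memory SQLite database in place of the asker's C# and real database; the table names `Documents` and `UserDocuments`, the function names and the sample rows are assumptions constructed for illustration.

```python
import sqlite3

def build_db():
    """Constructed sample data: users 1 (A) and 2 (B), four pages."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE Documents (DocumentID INTEGER PRIMARY KEY, Name TEXT, Body TEXT);
        CREATE TABLE UserDocuments (
            UserID INTEGER NOT NULL,
            DocumentID INTEGER NOT NULL REFERENCES Documents(DocumentID),
            PRIMARY KEY (UserID, DocumentID));
        INSERT INTO Documents VALUES
            (1, 'Page1.html', 'a1'), (2, 'Page2.html', 'a2'),
            (3, 'page3.html', 'b3'), (4, 'Page4.html', 'b4');
        INSERT INTO UserDocuments VALUES (1, 1), (1, 2), (2, 3), (2, 4);
    """)
    return db

def list_documents(db, user_id):
    """Join the permission table to the documents and filter by user."""
    rows = db.execute(
        """SELECT d.DocumentID, d.Name FROM Documents d
           JOIN UserDocuments p ON p.DocumentID = d.DocumentID
           WHERE p.UserID = ? ORDER BY d.DocumentID""", (user_id,))
    return rows.fetchall()

def save_document(db, user_id, document_id, new_body):
    """Write only if a permission row links this user to this document."""
    # user_id comes from the authenticated session; document_id is untrusted
    # input (URL or posted form value), so the check lives in the UPDATE itself.
    cur = db.execute(
        """UPDATE Documents SET Body = ?
           WHERE DocumentID = ?
             AND EXISTS (SELECT 1 FROM UserDocuments
                         WHERE UserID = ? AND DocumentID = Documents.DocumentID)""",
        (new_body, document_id, user_id))
    db.commit()
    if cur.rowcount == 0:
        # Same error for "no such page" and "not yours": do not reveal which.
        raise PermissionError("access denied")

if __name__ == "__main__":
    db = build_db()
    print(list_documents(db, 1))
    save_document(db, 1, 2, "edited by A")
    try:
        save_document(db, 1, 3, "A writing to B's page")
    except PermissionError as exc:
        print("blocked:", exc)
```

Putting the ownership condition inside the `UPDATE` means there is no gap between checking permission and writing, and a request for a page that was never in the user's list fails the same way as a request for a page that does not exist.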
A: 

You could employ a CMS the SharePoint way. You begin with a base file on the network. If a change to it is made, then the page is stored in a database. Each subsequent change is a db change, and the application renders the last entry in the table for that page.

This does two things. First, you can see revisions and reinstate them. You can see a complete history of the page, who made the changes and when.

It also allows you to lock pages within the database and assign roles/users against the pages. You can then apply a decoration to the controller which checks rights and either renders the page or displays an access denied page and then logs the attempted access to the page.

I know this sounds complex, but can you foresee a time after you've gone live with your CMS when the client is going to want more from it? You need to implement a solution that's adaptable to needs.

If it's worth writing, then it's worth writing well.

griegs