Hi guys,

Just wanted to ask how user management and page access based on user role is implemented?

1] Suppose page/feature access is to be given based on type of user, e.g. Sales, Marketing, Engineering. So we end up with something like

if (CurrentUser.IsInRole("Sales"))
{
    // for - sales feature
}
else
{
    // etc..etc..
}

How can this be avoided?

2] Suppose a new role gets added/created, then modifying the code isn't feasible?

3] Can the same design be used if the roles are stored in a database?

Currently using ASP.NET, but any generic/specific solution is welcome too.

Thx
Amitd

A: 

You can restrict page access quite easily. Create, for example, a subdirectory per user group: Sales, Administration, Marketing. Place in each of these directories a file called web.config with the following content:

<?xml version="1.0"?>
<configuration>
  <system.web>
    <authorization>
      <allow roles="Sales"/>
      <deny users="*"/>
    </authorization>
  </system.web>
</configuration>

Replace the role name in each file with the role(s) that can access these directories. Any webpage placed in one of these subdirectories can only be viewed by users in that role.

This technique will work regardless of where users and roles are stored.

edosoft
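
How ASP.NET applies the rules in the web.config above, as an added example that is not part of the original answer: rules are read top to bottom and the first match decides, so `allow` must come before the final `deny`. This Python model is a simplified sketch; its function names and sample configs are constructed here, it ignores `verbs` and `<location>`, and it assumes the parent configuration keeps ASP.NET's default of allowing all users.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the answer's web.config for the Sales directory.
SALES = """<?xml version="1.0"?>
<configuration><system.web><authorization>
  <allow roles="Sales"/>
  <deny users="*"/>
</authorization></system.web></configuration>"""

# Constructed sample: the same two rules in the opposite order.
MISORDERED = SALES.replace('<allow roles="Sales"/>\n  <deny users="*"/>',
                           '<deny users="*"/>\n  <allow roles="Sales"/>')

def parse_rules(config_xml):
    """Return the authorization rules as (action, users, roles) in file order."""
    auth = next(ET.fromstring(config_xml).iter("authorization"), None)
    split = lambda v: {s.strip().lower() for s in v.split(",") if s.strip()}
    return [(r.tag, split(r.get("users", "")), split(r.get("roles", "")))
            for r in (auth if auth is not None else [])
            if r.tag in ("allow", "deny")]

def is_allowed(config_xml, user, roles=()):
    """First matching rule wins. user=None means an anonymous request."""
    mine = {r.lower() for r in roles}
    for action, users, rule_roles in parse_rules(config_xml):
        if ("*" in users or (user is None and "?" in users)
                or (user is not None and user.lower() in users)
                or mine & rule_roles):
            return action == "allow"
    return True  # no rule matched: assumed inherited default allows everyone

def audit(config_xml):
    """Flag orderings that leave the directory open or a rule unreachable."""
    rules = parse_rules(config_xml)
    findings = []
    if not rules or rules[-1][0] != "deny" or "*" not in rules[-1][1]:
        findings.append("no final deny-all: unmatched users fall through to allow")
    for i, (action, users, _) in enumerate(rules[:-1]):
        if "*" in users:
            findings.append(f"rule {i + 1} ({action} *) makes later rules unreachable")
    return findings
```

Running `audit` over each per-role directory's web.config catches a file that was copied without the closing `<deny users="*"/>` or with the two rules swapped.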