I am using Forms authentication in my asp.net (3.5) application. I am also using roles to define what user can access which subdirectories of the app. Thus, the pertinent sections of my web.config file look like this: <system.web> <authentication mode="Forms"> <forms loginUrl="Default.aspx" path="/" protection="All" timeout="360" ...
I was going to ask a question here about whether or not my design for some users/roles database tables was acceptable, but after some research I came across this question: What is the best way to handle multiple permission types? It sounds like an innovative approach, so instead of a many-to-many relationship users_to_roles table, I ha...
Hi, I'm having trouble granting privileges to another user in PostgreSQL 8.3. While the GRANT command gives me no error, the privileges do not show up. Do I need to "flush" them? sirprize=# CREATE DATABASE testdb; CREATE DATABASE sirprize=# GRANT ALL PRIVILEGES ON DATABASE testdb TO testuser; GRANT sirprize=# \c testdb You are now conne...
I'm using membership and roles for authentication in my vb .net application. We have about 5 roles in the application with certain roles filling out a specific profile value. Example is the role is store and the profile value is store number. Obviously if you work for headquarters you don't have a store number so I don't care about it. E...
When userA uploads a file, his files will be uploaded to folderA, when userB, to folderB, and so on. Roles/Profiles in ASP.NET. Folders will be pre-existing. Anyone? ...
Hi, I have a desktop Human Resource (HR) application developed in WPF(C#|.NET 3.5) that does some employee management work for the HR,I need to implement user groups based security,meaning that I need to manage users who can access the system(username /password) and also give them CRUD Right and Screen Rights.Is that any basic framework ...
I have an ASP.NET 2.0 [no ajax...yet] web site that will be deployed in compiled form on multiple customer sites. Typically the site will be intranet only. Some customers trust all of their people and don't care about limiting access to the site and/or page functions, others trust no one and want only certain people and/or groups to be a...
What is the best database schema to track role-based access controls for a web application? I am using Rails, but the RBAC plugin linked by Google looks unmaintained (only 300 commits to SVN; latest was almost a year ago). The concept is simple enough to implement from scratch, yet complex and important enough that it's worth getting r...
In ASP.NET what's the best way to do the following: Show certain controls based on your rights? For a gridview control, how do you show certain columns based on your role? I'm thinking for number 2, have the data come from a role specific view on the database. ...
I have the following in my web.config: <location path="RestrictedPage.aspx"> <system.web> <authorization> <allow roles="Group1Admin, Group3Admin, Group7Admin"/> <deny users="*"/> </authorization> </system.web> </location> Within RestrictedPage.aspx.cs, how do I retrieve the allowed roles collection that c...
Which Oracle database role will allow a user to select from a table in another schema without specifying the schema identifier? i.e., as user A- Grant select on A.table to user B; B can then- "Select * from table" without specifying the 'A'. One of our databases allows this, the other returns a 'table or view does not exist' error. ...
...I want to Show the 'delete' button when user is an admin, and show the 'add item' button when user is a contributor: <!-- More code above --> <asp:BoundField DataField="Description" HeaderText="Description" SortExpression="Description" /> <asp:TemplateField ShowHeader="False"> <ItemTemplate> ...
I want to user Role based security through the authorization section in the web.config file. Using Membership, my application will allow for new Roles to be created, and thus, the pages they can access need to be set dynamically. Can I programatically alter this section in the web.config to manage this? If so, how? ...
I'm using ASP.NET Membership and noticed there isn't a method in the Roles class to modify a role (its name for instance), only to create and delete them. Is it possible or it's not supported? EDIT: @CheGueVerra: Yes, nice workaround. Do you know (for extra credit :) ) why it's not possible? ...
Hello, I have a project requirement where I need to authenticate against ActiveDirectory in a remote/disconnected WPF application. There is probably several ways to attempt to do this, but what would be the best approach using ActiveDirectory's MembershipProvider? I need to: Authenticate that the user exists. obtain the AD user's gr...
I have a few users setup in the web.config of an asp.net site to handle authentication. Without getting into details I'm not using the full membership/role provider and would rather not have to implement it at the moment do to time constraints. However I do need the ability to assign a role to a user so that securityTrimming works on the...
If have created a custom role within SqlServer which I added to the db__denydatareader and db__denydatawriter roles. I think went through the db and granted exec permission to all neccersary stored procedures. Everything works fine, calling those sps will run fine. The one exception is a stored procedure which executes dynamic sql by u...
As a glutton for unproven sexy techniques I've adopted System.Web.Routing in my Web Forms application to manage navigation and such. Further, I'm hoping to move role-based security from web.config to the route definitions itself so I can say "this route is only available to roles x, y". So I've got the class that implements IRouteHandl...
In a custom role provider (inheriting from RoleProvider) in .NET 2.0, the IsUserInRole method has been hard-coded to always return true: public override bool IsUserInRole(string username, string roleName) { return true; } In an ASP.NET application configured to use this role provider, the following code returns true (as expected): Ro...
Hello, some time ago I found an article (Roles: Composable Units of Object Behavior) describing the pros of using Roles versus Interfaces or other ways of dealing with behavior requirements. Does any of you knows where I can find more literature about that, or knows more about Roles? I know that that's almost a research topic, but maybe...