Form Level Role Based Authentication

Level Extreme platform

Subscription

Corporate profile

Products & Services

Support

Legal

Français

Form Level Role Based Authentication

Message

From

17/05/2005 00:27:30

Kevin McNeish
Oak Leaf Enterprises, Inc.
Troy, Virginia, United States

16/05/2005 20:14:00

Roger Plichta
MyCarPage
Los Angeles, California, United States

General information

Forum:

ASP.NET

Category:

The Mere Mortals .NET Framework

Title:

Re: Form Level Role Based Authentication

Environment versions

Environment:

C# 1.1

OS:

Windows XP SP2

Network:

Windows 2003 Server

Database:

MS SQL Server

Miscellaneous

Thread ID:

01014722

Message ID:

01014764

Views:

Roger,

>I've been searching the Developer's Guide and Universal Thread, but haven't found a solution. I was hoping that someone might be able to offer a suggestion.
>
>I am looking for role based security at the form level in addition to (or even replacement of) at the control level.
>
>For example:
>
>Group Administrators has users:
> Bob
> Shari
>
>Group Accounting has users:
> Michael
> Michelle
>
>Group CustomerService has users:
> Henry
> Audrey
>
>There is a website with 5 pages:
>
>index.aspx (All)
>admin.aspx (Administrator Only)
>report.aspx (Administrator & Accounting)
>cs.aspx (Administrator & CustomerService)
>junk.aspx (All)
>
>I can see how to do this at the control level, but I don't think that I need to set security for each control. I would love to do this at the page or form level. Any thoughts?

What do you want to happen if the role does not have access to the page?

To get you started, there is no form-level security by default, but you could do the following:

Create a subclass of mmBusinessWebPage and add the following property to it:

/// <summary>
/// Unique security control ID
/// </summary>
[Browsable(true), Category("Security"), 
Description("Unique security control ID."),
Editor(typeof(mmControlIDTypeEditor), typeof(UITypeEditor)),
DefaultValue(null)]
public virtual Guid ControlID
{
	get { return this._controlID; }
	set { this._controlID = value; }
}
private Guid _controlID = Guid.Empty;

Override the RedirectToLogin() method, and add code that stores the form's ControlID property value in a session variable, then calls the base class method.
Next, in your web app's UserLoginForm, override the Login() method. Add code that retrieves the form's ControlID from the session variable and makes a call mmAppBase.SecurityManager.GetAccesLevel(userPK, securityID) to retrieve the current user/role's access to the form. Not sure what you want to do at that point, but hopefully this gets you headed in the right direction.

Regards,
Kevin McNeish
Eight-Time .NET MVP
VFP and iOS Author, Speaker & Trainer
Oak Leaf Enterprises, Inc.
Chief Architect, MM Framework
http://www.oakleafsd.com

Map

View

Click here to load this message in the networking platform