Level Extreme platform
Subscription
Corporate profile
Products & Services
Support
Legal
Français
ASP.NET Security, Roles?
Message
From
11/02/2004 20:18:59
Neil Gorin
Brooklyn, New York, United States
 
 
To
10/02/2004 19:38:44
Kendall Webb
KRW Enterprises
Duvall, Washington, United States
General information
Forum:
ASP.NET
Category:
The Mere Mortals .NET Framework
Title:
Re: ASP.NET Security, Roles?
Miscellaneous
Thread ID:
00875536
Message ID:
00876533
Views:
17
Hi Kendal,

Thank you for all of your direction. I studied your steps 1 through 4 and have come up with a simple solution that utilizes basic mm.net classes. I did not go as deep into the framework as you did, did not develop an sproc and did not have to override code in the page load event. Please review and comment.
using OakLeaf.MM.Main;
using OakLeaf.MM.Main.Web;
using OakLeaf.MM.Main.Security;

protected mmRole oRole;

private void Page_Load(object sender, System.EventArgs e)
{
  if (!this.DoesUserHaveRole("Administrator"))
					                       
  {
   mmMessageDisplay.DisplayMessage(Context,
   "Administration Role Access Has Been Denied",
   "Your Login was denied because you do not have an Administror role.",
   "UserLogin.aspx?Url=gmgOnline.aspx",4);
  }

 //..........
 //..........
}
private bool DoesUserHaveRole(string tcRole)
{
  ///  if User has Role == tcRole, Return true, else Return false 
  this.oRole = mmAppWeb.Factory.CreateRoleObject();
  object UserPk = Session["mmUserSecurity_UserPk"];
  DataSet dsRoles =  this.oRole.GetUserRoles(UserPk);
  int NumOfRoles = dsRoles.Tables[0].Rows.Count;
  int rowCtr;
  DataRow oRow;
  for (rowCtr = 0; rowCtr <= NumOfRoles-1; rowCtr++)
  {
   oRow= dsRoles.Tables[0].Rows[rowCtr];
   if (oRow[oRole.DescriptionField].ToString().Trim() == tcRole)
   {
     return true;

   }
  }
  return false;
} 
  Page_OnInit()
  this.RequriesSecurity
PS Any thoughts on how to secure a Grid TemplateColumn HyperLink?

>Neil,
>
>Well , I don't feel like I'm in the catacombs! As to your question about using the security bizobjects to maintain the security tables is another topic altogether, <g>, and isn't addressed in my answer on how to implement role based form security. I'm using the AdminUser form pretty much out of the box and it uses all of those security bizobj classes you are talking about. That works fine for me right now, maybe later I'll tweak that a little. Bigger fish to fry...
>
>But, anyway, I think that the basic deal that I showed you was really pretty simple.
>
>1. Override code in the page_load to check for an Admin User
>2. Hook up a business object method that calls a sproc
>3. BO calls the sproc and returns a value
>4. Override code then processes the value
>
>There was nothing that was a lot of effort really. It was simple to create each piece by looking at the Dev Guide for examples. I looked for methods in the framework to do what I wanted, but did not find them so I just built what I needed. I'm way on to other stuff now like grinding out CRUD forms! Hope you can make it work without too much more trouble! Like I also said, if there's a better way...I'm listening. <s>
>
>>Hence the rub. I don't have your stored procedure. And at this point I have picked you to pieces anyway. It seems to me that you are spending a lot of effort under the hood, down deep and dirty in the catacombs of the framework. I was looking at the Security section of the developer's guide (v 1.1.3) and it seems as if a lot can be gained by working with the internal security bizobjs that manage all of the security tables.
>>
Previous
Next
Reply
Map
View

Click here to load this message in the networking platform