mike55 Posted July 27, 2005 Posted July 27, 2005 Hi, When my user logs into the system, I create a session variable to store their username and their access level, currently there are only two access levels 1 => administrator or 2 => manager. The manager has only permission to view some of the pages. Is it possible to set in the web.config file, that a particular page can only be viewed if a person has access = 1. This is in response to someone once they have logged into the system simple typing the url of a page that they are not suppose to be able to see. Mike55 Quote A Client refers to the person who incurs the development cost. A Customer refers to the person that pays to use the product. ------ My software never has bugs. It just develops random features. (Mosabama vbforums.com)
Administrators PlausiblyDamp Posted July 27, 2005 Administrators Posted July 27, 2005 Rather than implementing your own security model you may want to look at Forms Authentication. that would give you a simple method of administering access via the web.config. Quote Posting Guidelines FAQ Post Formatting Intellectuals solve problems; geniuses prevent them. -- Albert Einstein
mike55 Posted July 27, 2005 Author Posted July 27, 2005 Rather than implementing your own security model you may want to look at Forms Authentication. that would give you a simple method of administering access via the web.config. Yea, am using Form Authentication, however I need to effectively lock down some pages to prevent a certain class of user gaining access to that page. Mike55. Quote A Client refers to the person who incurs the development cost. A Customer refers to the person that pays to use the product. ------ My software never has bugs. It just develops random features. (Mosabama vbforums.com)
Administrators PlausiblyDamp Posted July 27, 2005 Administrators Posted July 27, 2005 If you are already using forms authentication why are you also storing the user name and access level in a variable? You can always get the username via the User object (User.Identity.Name) and you could then implement a basic group model to control access to resources. Quote Posting Guidelines FAQ Post Formatting Intellectuals solve problems; geniuses prevent them. -- Albert Einstein
SteveoAtilla Posted July 27, 2005 Posted July 27, 2005 Yea, am using Form Authentication, however I need to effectively lock down some pages to prevent a certain class of user gaining access to that page. Mike55. Each page (in Page_Load) needs to validate security level. If they have access, continue to load, otherwise redirect to error page. Quote The three most important things in life: God, your family, and the Green Bay Packers -- Not necessarily in that order. Winning is not a sometime thing. You don't win once in a while, you don't do things right once in a while, you do them right all the time. Winning is a habit. Unfortunately, so is losing. -- Vincent T. Lombardi
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.