
For a couple of days in a row I have been trying to master the ASP.NET authentication process. I am completely confused.

I've created a simple website which uses Forms authentication. (This is totally magic.) Authentication works well, but I have no clue how it works; probably the code and SQL statements are already injected somewhere deep in the framework. But how do I create a custom control?

Let's say I have two categories of users: Member and Moderator.

I want a Moderator to be able to execute Insert, Update, and Delete SQL statements, but a Member will be restricted from those operations and able to perform Select statements only, and only for his records.

Could you guys guide me on how I can achieve this using ASP.NET? Thanks!

  • if an answer helped you, don't forget to accept it as a basic courtesy to others... Commented Jun 6, 2012 at 7:13

2 Answers

2

First create Member and Moderator roles: https://web.archive.org/web/20211020202857/http://www.4guysfromrolla.com/articles/120705-1.aspx

And then just check which role the user belongs to before executing anything: http://msdn.microsoft.com/en-us/library/4z6b5d42.aspx


6 Comments

pOcHa, thanks for your answer. So in this case all the queries which will be executed outside the application will be rejected? Say, if someone wants to execute a DELETE query outside of my application (without forms authentication), will it succeed?
@WildGoat no, this is only protecting you from inside the application (people will have to be in the Moderator role) - if somebody knows your db login, they can do whatever they want outside of it...
I am sorry, I didn't get what you mean. Could you please articulate it somehow? So if people know my connection string to the db, they can delete everything from my DB?
@WildGoat exactly! but you could encrypt the connection string (4guysfromrolla.com/articles/021506-1.aspx), or use a restricted login in the connection string (just selects) - and hard code the privileged login inside the app
But shouldn't it be already implemented by ASP.NET? It is such a popular problem, I guess it should be somehow covered already. :(
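
The role check from the answer above, combined with the restricted-login idea from its comments, as an added example that is not code from either answer. `RecordGate`, the `Records` table, its `OwnerName` column and the connection-string names `ReadOnlyDb` and `ModeratorDb` are assumptions made for illustration.

```csharp
using System;
using System.Security;
using System.Security.Principal;

public enum SqlOp { Select, Insert, Update, Delete }
// Added example. RecordGate, the Records table, its OwnerName column and the
// connection-string names are hypothetical, not part of ASP.NET.
public static class RecordGate
{
    // Members get the SELECT-only database login, Moderators the privileged one.
    public static string ConnectionNameFor(IPrincipal user)
    {
        RequireAuthenticated(user);
        return user.IsInRole("Moderator") ? "ModeratorDb" : "ReadOnlyDb";
    }

    // Throws unless the caller's role allows the requested statement type.
    public static void Demand(IPrincipal user, SqlOp op)
    {
        RequireAuthenticated(user);
        if (user.IsInRole("Moderator")) return;
        if (user.IsInRole("Member") && op == SqlOp.Select) return;
        throw new SecurityException(op + " denied for " + user.Identity.Name);
    }

    // Members are always filtered to their own rows. Bind @owner to
    // user.Identity.Name on the server, never to a value sent by the browser.
    public static string SelectSql(IPrincipal user)
    {
        Demand(user, SqlOp.Select);
        return user.IsInRole("Moderator") ? "SELECT Id, Title FROM Records"
            : "SELECT Id, Title FROM Records WHERE OwnerName = @owner";
    }

    private static void RequireAuthenticated(IPrincipal user)
    {
        if (user == null || !user.Identity.IsAuthenticated)
            throw new SecurityException("Not authenticated.");
    }
}
public static class Demo
{
    public static void Main()
    {
        // Constructed users; in a page this would be HttpContext.Current.User.
        var member = new GenericPrincipal(new GenericIdentity("alice"), new[] { "Member" });
        var moderator = new GenericPrincipal(new GenericIdentity("bob"), new[] { "Moderator" });
        Console.WriteLine(RecordGate.SelectSql(member));
        Console.WriteLine(RecordGate.ConnectionNameFor(moderator));
        try { RecordGate.Demand(member, SqlOp.Delete); }
        catch (SecurityException ex) { Console.WriteLine(ex.Message); }
    }
}
```

The role check only constrains requests that pass through the application; the SELECT-only login is what limits what Member traffic can do at the database itself.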
2

You can create roles for both categories (Member and Moderator).

http://www.asp.net/web-forms/tutorials/security/roles/creating-and-managing-roles-vb

For custom membership roles, check the below link:

http://www.codeproject.com/Articles/27955/Developing-custom-ASP-NET-Membership-and-Role-prov
