ASP.NET Web Forms Object Access Control

Question

ASP.NET Web Forms Object Access Control

I have an ASP.Net Web Forms application in which I use form-based authentication with membership and role providers, which is great for authenticating and controlling access to directories and / or files. Now I need to control access to reading, writing and deleting by separate entity instances, for example, the ability to update or delete a client instance. I tried to come up with a good way to implement this, but I don't know where to start. I read about Authorize attribute in ASP.Net MVCand thought it would be nice to have something similar - decorating methods the way you can control actions in ASP.Net MVC. I don’t know any of the possible ways to achieve this in the world of web forms, and I don’t know any frameworks or other tools that could help me move in this direction. Any suggestions, both from the point of view of existing solutions, and / or for the development of my own implementation, will be very grateful.

+3

security authorization asp.net webforms

Rex miller Feb 11 '09 at 23:30

source share

2 answers

, "PrincipalPermission" - . What If, DeleteSomthing() ? , DeleteSomthing()? - . .

.

0

Pradeep 24 . '09 17:59

BC. · Accepted Answer · 2009-02-11T23:42:50+0000

The easiest way is to require the user to be a member of the role (s) necessary for the method in question, p PrincipalPermissionAttribute.

[PrincipalPermission(SecurityAction.Demand, Role="Supervisor")]
[PrincipalPermission(SecurityAction.Demand, Role="Owner")]
public void DeleteSomething() {...}

, , Supervisor OR Owner DeleteSomething().

ASP.NET Web Forms Object Access Control

More articles: