Using Roles in ASP.NET

In an ASP.NET web application, I limit user actions based on their roles. For example:

I created three tables in the database:

Tables

Table: Users

UserID  Username  Password
1       Bob       password1
2       Scott     password2
3       Jisun     password3
4       Sam       password4
5       John      password5

Table: Groups

GroupID  Name
1        Administrators
2        Clerk
3        Manager
4        Cashier

Table: Roles

UserID  GroupID
1       1
2       2
2       3
3       4
4       3
4       4

In the Global.asax file, I wrote the following:

Imports System.Collections
Imports System.Data
Imports System.Data.SqlClient
Imports System.Security.Principal

Sub Application_AuthenticateRequest(sender As Object, e As EventArgs)
    If Request.IsAuthenticated Then
        ' Determine this user's roles
        ' (connectionString stands for the application's connection string)
        Dim roleList As New ArrayList
        ' Using disposes the reader even if reading the roles throws
        Using reader As SqlDataReader = _
              SqlHelper.ExecuteReader(connectionString, _
              CommandType.StoredProcedure, "rolesForUser", _
              New SqlParameter("@Username", User.Identity.Name))

            ' Create a list of role names
            Do While reader.Read()
                roleList.Add(reader("Name").ToString())
            Loop
        End Using

        ' Convert the roleList ArrayList to a String array
        Dim roleListArray As String() = _
             DirectCast(roleList.ToArray(GetType(String)), String())

        ' Add the roles to the User Principal
        HttpContext.Current.User = _
             New GenericPrincipal(User.Identity, roleListArray)
    End If
End Sub

And in the ASP.NET code file, the following code:

' Role names must match the Name column of the Groups table exactly
If User.IsInRole("Administrators") Then
  ' Display sensitive material
ElseIf User.IsInRole("Clerk") Then
  ' Display moderately sensitive material
Else
  ' Display only bland material
End If

This is currently working fine. Now a new requirement has come up: allow the clerk to access some (but not all) of the functions performed by the administrator.

Do I need to change the source code to support this new requirement?

Is it necessary to do the same thing again and again when such a requirement arises in the future?

Or is there a better way to do this? Please suggest one.

+3
6

Robin Day, , , - , , , "". (, , ..), , .. , .

, ASP.NET( SqlRoleProvider) ?

+2

, , - asp.net.

, "" , .

, , .

+1

ASP.NET 2.0 , . : ASP.NET.

, . , .

, : , aspnetdb.mdf.

+1

, ASP.NET. , " ", . , ( SiteMapProvider) .

0

( ) . , , .

, , " ". , . , "--", .

0

, , , . , , - .

If Authorizer.UserHasAccessToFunctionality(user, "Sensitive") Then
  ' Display sensitive material
ElseIf ...

:

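Public Shared Function UserHasAccessToFunctionality(user As IPrincipal, _
   functionality As String) As Boolean
    ' Look up the functionalities granted to the user's roles.
    ' IPrincipal itself has no Roles property; user.Roles assumes a
    ' principal type that exposes the role names.
    Dim functionalities = AuthorizationRepository.GetFunctionalityForRoles(user.Roles)
    Return functionalities.Contains(functionality)
End Function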

AuthorizationRepository , .

,

:

ID Name
1  Sensitive
2  Protected
3  Public

: RoleFunctionality

Role Functionality
1    1
1    2
2    2
3    3
0
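
The role-to-functionality lookup from the last answer, as an added VB.NET example that is not code from the question or from any answer. The in-memory map stands in for the RoleFunctionality table, the module name `FunctionalityAuthorizer` is hypothetical, and reading role IDs 1 to 3 as Administrators, Clerk and Manager (from the question's Groups table) is an assumption.

```vb
Imports System
Imports System.Collections.Generic
Imports System.Security.Principal

' Added example, not code from the page.
Public Module FunctionalityAuthorizer
    ' Constructed stand-in for the RoleFunctionality table, keyed by role name.
    ' Assumption: role IDs 1, 2, 3 are Administrators, Clerk, Manager.
    Private ReadOnly RoleFunctionality As New Dictionary(Of String, String()) From {
        {"Administrators", New String() {"Sensitive", "Protected"}},
        {"Clerk", New String() {"Protected"}},
        {"Manager", New String() {"Public"}}
    }

    ' Deny by default: an unauthenticated user, an unmapped role or an
    ' unknown functionality name all result in False.
    Public Function UserHasAccessToFunctionality(user As IPrincipal,
                                                 functionality As String) As Boolean
        If user Is Nothing OrElse user.Identity Is Nothing OrElse
           Not user.Identity.IsAuthenticated Then
            Return False
        End If
        For Each entry As KeyValuePair(Of String, String()) In RoleFunctionality
            If user.IsInRole(entry.Key) AndAlso
               Array.IndexOf(entry.Value, functionality) >= 0 Then
                Return True
            End If
        Next
        Return False
    End Function

    Public Sub Main()
        ' Constructed principals using names and roles from the question's tables.
        Dim bob As New GenericPrincipal(New GenericIdentity("Bob"), New String() {"Administrators"})
        Dim scott As New GenericPrincipal(New GenericIdentity("Scott"), New String() {"Clerk", "Manager"})
        Dim john As New GenericPrincipal(New GenericIdentity("John"), New String() {})

        ' Print the access decision for every user/functionality pair.
        For Each p As IPrincipal In New IPrincipal() {bob, scott, john}
            For Each f As String In New String() {"Sensitive", "Protected", "Public"}
                Console.WriteLine("{0,-6} {1,-10} {2}", p.Identity.Name, f,
                                  UserHasAccessToFunctionality(p, f))
            Next
        Next
    End Sub
End Module
```

Granting the clerk another administrator function then means adding an entry to the mapping rather than a new `IsInRole` branch. The check belongs in the server-side handler that performs the action as well as where the page decides what to render.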

Source: https://habr.com/ru/post/1752807/

