Management of permissions in ASP.NET

I am putting together an architectural design for an ASP.NET application. The application should allow multiple administration levels and authorities. I am thinking of managing the users' logon and permissions using session variables. When the user authenticates, a "role" session variable is created according to his role (which is stored in the database). When a page is requested, this session variable is tested, and according to its value the user either uses the page or is directed to a "No permission" page. Is there any better method for doing this task?




  • Cian

    Muhammad,

    You can also take an integral look at security with this guidance:

    Threat Modeling Web Applications



  • MircoS

    Hi Muhammad,

    The question is... what if anyone (another process, a hacker, an unscrupulous developer in the organization, or anyone else interested in committing fraud) gets access to the session variable and overwrites its value? If that could happen, you are facing the risk of "elevating privileges".

    If you are conscious of that and can avoid it... go ahead.

    Anyway, I would suggest you check this article that appeared in MSDN Mag in November 2005:

    Design and Deploy Secure Web Apps with ASP.NET 2.0 and IIS 6.0

    Hope it serves
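
The session-variable gate from the question and the privilege-elevation concern raised in the reply above, as an added example that is not code from any poster in this thread. It is a console model rather than a real ASP.NET page: `RoleStore`, `SessionGate`, `PrincipalGate` and the user names are hypothetical, the dictionary stands in for the role table, and only `GenericPrincipal`/`GenericIdentity` are real .NET types.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Principal;

static class PermissionGateDemo
{
    // Constructed sample data: authoritative role store (stands in for the database).
    static readonly Dictionary<string, string[]> RoleStore = new Dictionary<string, string[]>
    {
        { "alice", new[] { "Admin" } },
        { "bob",   new[] { "User" } },
    };

    // Gate as described in the question: trust the "role" value cached in session.
    static bool SessionGate(IDictionary<string, object> session, string requiredRole)
    {
        object role;
        return session.TryGetValue("role", out role) && (role as string) == requiredRole;
    }

    // Alternative: rebuild the principal on each request from the authenticated name only.
    static IPrincipal LoadPrincipal(string authenticatedName)
    {
        string[] roles;
        if (!RoleStore.TryGetValue(authenticatedName, out roles)) roles = new string[0];
        return new GenericPrincipal(new GenericIdentity(authenticatedName), roles);
    }

    static bool PrincipalGate(string authenticatedName, string requiredRole)
    {
        return LoadPrincipal(authenticatedName).IsInRole(requiredRole);
    }

    static void Main()
    {
        // bob logs in; his role is copied into session at authentication time.
        var session = new Dictionary<string, object> { { "role", "User" } };
        Console.WriteLine("before: session={0} principal={1}",
            SessionGate(session, "Admin"), PrincipalGate("bob", "Admin"));

        // Any code path that can write session state changes the first gate's answer;
        // the second gate never reads the session, so its answer is unchanged.
        session["role"] = "Admin";
        Console.WriteLine("after:  session={0} principal={1}",
            SessionGate(session, "Admin"), PrincipalGate("bob", "Admin"));
    }
}
```

The store-backed gate also picks up a role that is revoked in the database during a session, which a role cached at logon does not.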


