Role Based Security

Hot Topic

Using WMI to get Current Logged On User
Active scripting and webservices
SourceSafe 6.0 Automation
Creating a wrapper DLL between C and C#?
Defining custom functions for code snippets
propagation of user-type objects through a webservice
real-time use of Indexers & Properties...
Convert a byte array to a short array?
whats the function for to the power of? example 10^3 = 1000
MultiDimentional and Jagged array Diff:-

Visual C#

Another form or an assembly?
arrays and properties.
C# and VB.NET, which can be learned faster?
Odd VS 2005 reference warnings. "The referenced component 'System' could not be found."
C# Date Time Help
Problem with bindable attribute in custom control
Custom TypeConverter for a Class
how to write text to desktop wallpaper
How to show all TODO items?
Interfaces oversold???

Role Based Security

Hi

How can i implement Role Based Security in c# desktop application.
I have one table for registered users named tb_User and one for role named tb_UserRole. One user will have only one role

tb_User                 //Information about registered user

FirstName
LastName
LoginID
Password
UserRoleID      // foreign key from tb_UserRole

tb_UserRole

UserRoleID
Role                // i.e Administrator, Guest,Backup Operator, Report Generator

 

Plz, let me know the best approach for this.




Answer this question

Role Based Security

  • Enolan

    Exactly i want to do this. But i am confused about implementation.
    One way is to designed separate forms for each Role and at login time, i redirect user at that page. i.e admin.aspx, guest.aspx,operator.aspx etc
    if user role is admin then redirect to page admin.aspx, if user role is guest, then redirect to page guest.aspx, if user role is operator then redirect to page operator.aspx.
    And these pages will have related permission. is it ok or ..



  • mdschwarz

    not sure I quite understand the problem, can you explain it a bit more please I understand you have a database with user details and their role type but with this you want to do what exactly to your application Disable/enable features depending on the role if so, when the user authenticates, get the RoleID or roletype and store it in that session, such as using a static class/member so throughout the application, it will see if the current user is an admin or some other role and enable/disable features based on that role that the user has in the database

  • SimonS_

    If you are using SQL server then you can use a script which is MS recommended to implement security in your applications. you can run the script on your DB by using the file at location C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_regsql.exe. This will create all the tables, views, SPs in your selected DB. So you dont need to make any new tables. You will use these newly created tables by Membership and Roles classes that come in .Net Framework Base Classes 2.0.

    You would also have to make minor changes in your app.config file by changing the settings of membership and roleManager elements.

    Hope you get started with Role Based Security the MS way.



  • WendellB


    I want to build application for MYSQL,DB2 ,MS SQL Server.

    I think aspnet_regsql.exe (SqlMembershipProvider class) is only for MS SQL Server.

    Can we use it with other database like, MYSQL, DB2



  • shehz

    The way it works in .NET is you have an authentication provider (identify a user as being who they are) and a role provider (determining what rights they have). Aside from the script to enable SqlMembershipProvider in SQL you also have to add the configuration information in the web.config.

    I haven't tested MySql with that provider but my understanding is that it doesn't work with it. But because these providers are pluggable you just need to find a MySql Authentication provider for .NET, searching google with the following terms, 'authentication provider .net 2 mysql', turned up this likely candidate: http://www.codeproject.com/aspnet/MySQLMembershipProvider.asp.

    Because of this provider design you should be able to plug any provider in and your code shouldn't need to adapt to each variation. That's the theory and my understanding is that in practice it works rather well.

    HTH,

    Todd
  • Role Based Security
Answer this question