Recipe: Implementing Role Based Security with ASP.NET using Windows Auth and SQL Server
page 2 of 4
by Scott Guthrie
Average Rating: This article has not yet been rated.
Views (Total / Last 10 Days): 18384/ 21


You are building an Intranet expense report application for your organization, and want to enable role-based authentication and authorization capabilities within it.  Specifically, you want to create logical roles called “approvers”, “auditors”, and “administrators” for the application, and grant/deny end-users access to functionality within the application based on whether they are in these roles.

Because your application is an Intranet solution, you want to use Windows Authentication to login the users accessing the application (avoiding them having to manually login).  However, because the roles you want to define are specific to your application, you do not want to define or store them within your network’s Windows Active Directory.  Instead, you want to define and store these roles within a database.  You then want to map Windows user accounts stored within Active Directory to these roles, and grant/deny access within the application based on them.

In addition to using roles to authorize access to individual pages within the application, you want to dynamically filter the links displayed within the site’s menu navigation based on whether users have permissions (or not) to those links.  And lastly, you want to build-in a custom role-management administration UI directly within the expense report application for “expense app administrators” to manage these roles and control who has access to the capabilities of the app:

Figure 1

View Entire Article

User Comments

Title: Drop Down List instead of textBox   
Name: Roderick
Date: 2007-08-03 4:50:00 PM
Scott, Great article!! it's been of a lot help now, I was wondering how to use a drop down list with all the users in it instead of typing them in... I've try a lot of things but nothing seems to work. I got the users to display in the drop down list but then when i hit "update" it would go back to first user which is Admin...Any help will be great

Thanks in advance,

Community Advice: ASP | SQL | XML | Regular Expressions | Windows

©Copyright 1998-2024  |  Page Processed at 2024-04-18 2:43:42 AM  AspAlliance Recent Articles RSS Feed
About ASPAlliance | Newsgroups | Advertise | Authors | Email Lists | Feedback | Link To Us | Privacy | Search