My application is an asp.net web application which deals with different user logins(user types like Gatekeeper and Pde users).
Here only i am facing one peculiar problem that In Gatekeeper (login) uploaded one txt document in the application.After uploading QA team taking the copy of URL of uploaded document.
Let say URL be like :http://localhost/cms/UI/Documents/BoltonCMS11102009112303PM.txt
Now QA team they are login as Pde user and trying to paste the above URL in Home page,at this moment the uploaded document that is the txt file is opening which is a bug we need to restrict to open that uploaded document .
Instead of a direct link to a file, have a link to a page which takes an id on the query string, uses the id to lookup the file, and fails to do so if the permissions check fails. Or write a HTTP Handler for the file type which first checks permissions. I'd go the former, if you can hide the actual file path, it's harder to hack.
Driven to the arms of OSX by Vista.
Read my blog to find out how I've worked around bugs in Microsoft tools and frameworks.
before going any further I would like to consult you (experts).
once customer access the page, system will check whether or not customer gives a score to his last order, if not I want to open a page (may be pop-up) where he will score it. Since I have not worked with pop-ups before, do you suggest it?
I am working on an ASP.net application with 3.5 framework.
I need to implement control level role management i.e: the ability to hide or disable a control based on the users role or group credentials. Since I need to do this across all controls in the page I want a simple framework based on which I can implement this across the application without much effort and uniform accross the app. I am using windows authentication and sql server provided role management for authentication and role management.
Pointers and references in this directions will be deeply appreciated.
say for example:-
let us have 2 roles clerk and approver.
say clerk has rights to create order and edit order
approver has rights to only approve order
when a user with clerk credentials logs in only create and edit buttons to be available
if he is approver only approve button to be available.
lovinviewcontrol will do the trick for implementing this. but my requirement is if someone with the role of clerk and approver(multiple roles to the same user) logs in he must have create,edit and approve all the buttons available.
Well, during the user creation you can define the user by assignning it to a specific group, authentication type like windows or application, and roles. You may want to store them in the database and should be have normalize tables. Furthermore, You may perhaps have a group mainteance page or role maintenance where these could be maintained. So when the specific user is logged in to the system. You through the groups and roles and check what kinds of layout this user should be able to view.