Converting desktop permission settings to a web based application

Question

1.00/5 (1 vote)

See more:

I'm converting a vb.net 2005 desktop application to being web based. The user would log into a server using remote desktop connection.
Anyone who could log into the server could start the GUI, but when a user wanted to do more than read information the GUI called a stored procedure called GetPermissions to see if they were allowed to do what they wanted. The procedure was something like this.

select is_member('part1') as part1,
is_member('part2') as part2,
is_member('part3') as part3,
is_member('part4') as part4,...

some users have permission to execute part1, others part 3 others have permission to execute all parts.

How best to replicate this set up in a web based GUI (asp.net 3.5 with vb)?
One big difference is that the link should only work for people who have permission to use at least one of the four parts mentioned above.
If I use a login control I'm worried I would have to somehow manually synchronise the ASP.net roles with the db roles.

Posted 29-Apr-13 3:12am

Alhal

Add a Solution

2 solutions

Add a Solution

Add your solution here

Treat my content as plain text, not as HTML

Preview 0

…

Existing Members

Sign in to your account

...or Join us

Download, Vote, Comment, Publish.

Your Email
Password
Forgot your password?

Your Email
This email is in use. Do you need your password?
Optional Password

I have read and agree to the Terms of Service and Privacy Policy
Please subscribe me to the CodeProject newsletters

When answering a question please:

Read the question carefully.
Understand that English isn't everyone's first language so be lenient of bad spelling and grammar.
If a question is poorly phrased then either ask for clarification, ignore it, or edit the question and fix the problem. Insults are not welcome.
Don't tell someone to read the manual. Chances are they have and don't get it. Provide an answer or move on to the next question.

Let's work to help developers, not make them feel stupid.

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

db7uk · Answer 1 · 2013-04-29T03:23:00

Nothing changes. Because your ASP.net application will have server side code, nothing really changes. What by way of authentication and knowing what the user is does your current application know what user has which role?? Surly this can easily be ported to something like the asp.net membership and roles provider?

Developing custom ASP.NET Membership and Role providers reading users from custom section in the web.config[^]

If you were going the way of a JS heavy UI then your server side / business layer should be accessible via a service call. This can then be queried to identify if certain users have rights.

Alhal · Answer 2 · 2013-04-29T04:49:00

Solution 2

The role information is in db roles. How do I port this over to something like the asp.net membership and roles provider?
At the moment I've asked the dba to create a table on a daily basis with this information.
This is because only the ID db_owner would be able to retrieve all the necessary information.

Posted 29-Apr-13 4:49am

Alhal

Comments

db7uk 29-Apr-13 15:10pm

Ok, first, if you have a reply I would recommend either replying to my original solution or by "Improve Question" link. Now, the ASP.NET membership and roles provider are all very extendible. The roles provider shown in my solution shows how this can be done. The only thing you need to worry about is modifying the aspnet_roles stored procedures to to the work. A dba should be able to handle this.