In my company we are developing a web application which has many users. Each of these users will have one or more roles defined, and for these roles we have a separate settings page like this:

To give more clarification please see the below image

The Access checkbox on the left is checked if this role is able to see this menu when the user logs in. As you can see in the menu on the right, when you expand a menu node it shows the submenus under that menu, and we can set the authorization for whether the user can perform 'add, delete, edit, view and also hide submenu from menu'.

We have written a common class which checks the user's role against this table and gives the result. On page load of every page we call that class and apply the settings based on the result.

For example, if a user has logged in to a master page, we get the result on page load and apply the settings like this:

  btnAdd.Enabled = result[0];
  btnEdit.Enabled = result[1];

where result[0] and result[1] are the return values from the class.

Now my question is: is this the normal way of doing authorization in asp.net? (Not only for the page, but also for the controls in the page.)

I feel like I am doing sloppy coding with things like btn.Enabled = true.

Since I have told you what I need at the end, what would you all do for this? Just curious to know.

Questions:

1. What will be the drawbacks if I do authorization in this way?

2. What is the correct way of doing authorization in asp.net to meet my need? (As explained above, I need to enable and disable controls.)

Thanks...

LearningToCode

2 Answers

This is a very basic way to do it; there is no harm in doing this. In my company, in one of our modules, we had the same requirement and we did it in a different way: we generated it dynamically.

Dheeraj Yadav
  • So isn't there something we can define in webconfig and all? Could you just tell me, in your view, how you could solve this? @Dheeraj Yadav – LearningToCode Mar 20 '14 at 06:09

You should consider using the capabilities of the framework. .NET gives you claims-based authorization. You can also look at other authorization frameworks such as XACML, the eXtensible Access Control Markup Language.

The benefits of XACML are that:

  • it is standardized
  • it's extensible
  • its policy language is very flexible. It means that it will cater for authZ scenarios you haven't yet thought of.

I wrote a longer answer on a related topic here. Have a look at that.

David Brossard
  • Sorry for my late reply. Could you please tell me a little more? I am a newbie in asp.net. The way I have described above, what are the drawbacks of using it? – LearningToCode Apr 10 '14 at 08:24
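
An added example, not part of either answer or of the asker's code: one way to express the question's per-role add/edit/delete/view settings as .NET claims with `System.Security.Claims`, so that the same named check sets a control's `Enabled` state and gates the operation behind it. The `PermissionClaims` class, the `app/permission` claim type and the role table are hypothetical names constructed for this illustration.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Claims;
// Hypothetical names: PermissionClaims, the "app/permission" claim type and the role table.
public static class PermissionClaims
{
    public const string Type = "app/permission";
    // Constructed stand-in for the role settings table: role -> "SubMenu:Action" grants.
    static readonly Dictionary<string, string[]> RoleGrants = new Dictionary<string, string[]>
    {
        { "Clerk",   new[] { "Customer:View", "Customer:Add" } },
        { "Manager", new[] { "Customer:View", "Customer:Edit", "Customer:Delete" } },
    };

    // Built once at login; a user with several roles gets the union of their grants.
    public static ClaimsPrincipal BuildPrincipal(string userName, IEnumerable<string> roles)
    {
        var identity = new ClaimsIdentity("ExampleAuth");
        identity.AddClaim(new Claim(ClaimTypes.Name, userName));
        foreach (var role in roles)
        {
            if (!RoleGrants.TryGetValue(role, out var grants)) continue; // unknown role: no grants
            identity.AddClaim(new Claim(ClaimTypes.Role, role));
            foreach (var grant in grants)
                if (!identity.HasClaim(Type, grant)) identity.AddClaim(new Claim(Type, grant));
        }
        return new ClaimsPrincipal(identity);
    }

    // For control state, e.g. btnAdd.Enabled = Can(user, "Customer", "Add").
    public static bool Can(ClaimsPrincipal user, string subMenu, string action) =>
        user.HasClaim(Type, subMenu + ":" + action);

    // For the operation itself: call first in the handler that adds, edits or deletes.
    public static void Demand(ClaimsPrincipal user, string subMenu, string action)
    {
        if (!Can(user, subMenu, action))
            throw new UnauthorizedAccessException(subMenu + ":" + action + " denied");
    }
}
public static class Program
{
    public static void Main()
    {
        var user = PermissionClaims.BuildPrincipal("alice", new[] { "Clerk", "Manager" });
        foreach (var action in new[] { "Add", "Edit", "Delete", "View", "Hide" })
            Console.WriteLine(action + ": " + PermissionClaims.Can(user, "Customer", action));
    }
}
```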