2

So I know it's possible to store Users and Roles on SQL server but I was wondering if it was also possible to store the access rules on SQL Server. I've searched but I can't find anything.

Our auditor requires us to run reports that tell us which users have access to which websites. Currently I am parsing each web.config file to see which users/roles have access, storing that in SQL server and running a report off of that but I am hoping there is a better way. Any input is appreciated.

Thanks in advance.

Gage
  • 7,365
  • 9
  • 47
  • 77

1 Answers1

1

If you don't find any ready-to-use solution you can add an Application_BeginRequest that looks up the required permissions for the requested page (preferrably cached in memory to avoid DB roundtrips) and then executes a PrincipalPermission on the role required.

Anders Abel
  • 67,989
  • 17
  • 150
  • 217
  • That's a great idea. I assume Application_BeginRequest is only called the first time the page is requested and not on postback correct? Also what would be the best way to cache the requests? This is much better then the other root I was thinking which was putting the request in page_load haha. – Gage Aug 08 '11 at 18:27
  • I think it is called on PostBack too - which it really should. You want to check *all* accesses. You should read the authorization configuration once from the DB on application startup. If you don't have too many lines and use some kind of wildcard (e.g. regexes) I think a simple list will do. – Anders Abel Aug 08 '11 at 18:35