Re: * * * C# Application and Database Security Model * * *



Hi Brian,

Thanks for the reply and I've got that your current plan is to use
integrated Windows security with custom authorization control. For custom
authorization control, here are some general suggestions:

1. If the access control (based on user or their roles) can be done mostly
at page level, you can build a custom httpmodule and put your application's
authorization code logic in the module (it can intercept all the page
requests coming in this application and determine whether to allow or end
or redirect the request). Here are some articles introducing the httpmodule:

#INFO: ASP.NET HTTP Modules and HTTP Handlers Overview
http://support.microsoft.com/kb/307985/

#How to: Create Custom HTTP Modules
http://msdn2.microsoft.com/en-us/library/ms227673.aspx


2. If you'll have small granularity authorization control, such as setting
different access controls on different parts of a single page, you will
need to build more custom code in your page's code logic to perform such
access control checking.

If there is anything else you care about, please feel free to post here.


Sincerely,

Steven Cheng

Microsoft MSDN Online Support Lead


This posting is provided "AS IS" with no warranties, and confers no rights.
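
The page-level approach from suggestion 1, as an added example that is not part of the original post: a custom HTTP module that hooks `AuthorizeRequest` and checks the Windows-authenticated caller's group membership against a per-folder rule table. The class name, folder prefixes and group names are hypothetical placeholders.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Principal;
using System.Web;

// Added example: page-level authorization in a custom HTTP module.
// PageAuthorizationModule, the folder prefixes and the group names are hypothetical.
public class PageAuthorizationModule : IHttpModule
{
    // App-relative folder prefix -> Windows group required for pages under it.
    // The trailing slash keeps "~/Admin/" from also matching "~/AdminHelp/".
    private static readonly KeyValuePair<string, string>[] Rules =
    {
        new KeyValuePair<string, string>("~/Admin/",   @"EXAMPLE\AppAdmins"),
        new KeyValuePair<string, string>("~/Reports/", @"EXAMPLE\ReportReaders"),
    };

    public void Init(HttpApplication app)
    {
        // Fires after the caller is authenticated and before the page handler runs.
        app.AuthorizeRequest += OnAuthorizeRequest;
    }

    public void Dispose() { }

    private static void OnAuthorizeRequest(object sender, EventArgs e)
    {
        HttpApplication app = (HttpApplication)sender;
        IPrincipal user = app.Context.User;

        // Fail closed if no authenticated identity reached the pipeline.
        if (user == null || !user.Identity.IsAuthenticated) { Deny(app, 401); return; }

        // IIS paths are case-insensitive, so compare without regard to case.
        string path = app.Request.AppRelativeCurrentExecutionFilePath;
        foreach (KeyValuePair<string, string> rule in Rules)
        {
            if (path.StartsWith(rule.Key, StringComparison.OrdinalIgnoreCase) && !user.IsInRole(rule.Value))
            {
                Deny(app, 403);
                return;
            }
        }
        // Pages with no matching rule stay open to any authenticated user (assumption).
    }

    private static void Deny(HttpApplication app, int status)
    {
        app.Response.StatusCode = status;
        app.CompleteRequest(); // skip the page handler and jump to EndRequest
    }
}
```

The module takes effect only once it is registered in web.config under `<httpModules>` (or `<system.webServer>/<modules>` in IIS 7 integrated mode). Finer-grained checks inside a single page, as in suggestion 2, still belong in the page's own code.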
