RE: * * * C# Application and Database Security Model * * *



Hello Brian,

Based on your description, you're going to develop a data-driven web
application through ASP.NET and want to perform role based security to
restrict different clients to perform certain data manipulation operations
in the web application, correct?

Based on my experience, here are some approaches you can consider:

1. For building data-driven web applications, ASP.NET (latest version 2.0)
has provided many rich UI controls for conveniently constructing a web
application which access data from backend data page and present the data
on web page. For general ASP.NET development information, you can visit the
following web sites:

http://www.asp.net/

http://msdn.microsoft.com/asp.net/

2. I've noticed that your main concern here is to provide security
authentication against client users and authorize certain users (with
certain roles) to access the resource they're allowed to access. Are the
users and roles here the windows account and groups or the custom users
and roles defined in your own database storage? In ASP.NET, you have the
following options:

1) If you're going to do authentication and authorization against windows
account and groups, you can configure the ASP.NET application to use
windows authentication and also set the IIS virtual directory to use
integrated windows authentication. Thus, we can get the authenticated
client user's windows identity in ASP.NET web application and then if some
pages are restricted to certain users, you can do the identity checking in
code and prevent any unauthorized users.

2) ASP.NET 2.0 also provides a well encapsulated Membership and role manager
framework which can help easily build web application that will
authenticate user against custom security account database and authorize
users against custom role database. Such applications generally use Forms
Authentication and let the user input username/password credentials at the
login form. Here is a good blog article which listed many resources about
the membership and role management service in ASP.NET 2.0:

#ASP.NET 2.0 Membership, Roles, Forms Authentication, and Security Resources
http://weblogs.asp.net/scottgu/archive/2006/02/24/438953.aspx


3. As you also mentioned the AzMan, though it is not a naturally .net
managed based component, there are some resources introducing how to
integrate it in ASP.NET web application as security mechanism. Here is an
MSDN article describing this:

How To: Use Authorization Manager (AzMan) with ASP.NET 2.0
http://msdn.microsoft.com/library/en-us/dnpag2/html/PAGHT000019.asp?frame=true

All the above are some general information, you can have a look to see
whether any of them will suit your application scenario. And if you have
any further detailed or specific questions, please feel free to post here.

Sincerely,

Steven Cheng

Microsoft MSDN Online Support Lead



==================================================

Get notification to my posts through email? Please refer to
http://msdn.microsoft.com/subscriptions/managednewsgroups/default.aspx#notifications.

Note: The MSDN Managed Newsgroup support offering is for non-urgent issues
where an initial response from the community or a Microsoft Support
Engineer within 1 business day is acceptable. Please note that each follow
up response may take approximately 2 business days as the support
professional working with you may need further investigation to reach the
most efficient resolution. The offering is not appropriate for situations
that require urgent, real-time or phone-based interactions or complex
project analysis and dump analysis issues. Issues of this nature are best
handled working with a dedicated Microsoft Support Engineer by contacting
Microsoft Customer Support Services (CSS) at
http://msdn.microsoft.com/subscriptions/support/default.aspx.

==================================================



This posting is provided "AS IS" with no warranties, and confers no rights.
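
Added example, not part of the original post and not Microsoft's code: a deny-by-default check of the kind the reply calls "identity checking in code", written against `IPrincipal` so the same call works whether roles come from Windows groups or from the ASP.NET 2.0 role manager. The `OperationGuard` class, the operation names and the role names are hypothetical, and the principals in `Main` are constructed stand-ins for the page's `User` property.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Principal;

// Hypothetical helper: maps each data operation to the roles allowed to run it.
public static class OperationGuard
{
    // Constructed sample policy. With Windows authentication the role names
    // would be group names in DOMAIN\Group form instead of these placeholders.
    private static readonly Dictionary<string, string[]> Policy =
        new Dictionary<string, string[]>(StringComparer.OrdinalIgnoreCase)
        {
            { "ViewOrders",   new string[] { "Clerk", "Manager" } },
            { "EditOrders",   new string[] { "Manager" } },
            { "DeleteOrders", new string[] { "Administrator" } }
        };

    public static bool IsAllowed(IPrincipal user, string operation)
    {
        // Deny anonymous callers outright.
        if (user == null || user.Identity == null || !user.Identity.IsAuthenticated)
            return false;

        // Deny any operation that has no entry in the policy.
        string[] roles;
        if (!Policy.TryGetValue(operation, out roles))
            return false;

        foreach (string role in roles)
            if (user.IsInRole(role))
                return true;
        return false;
    }
}

public static class Demo
{
    public static void Main()
    {
        // Constructed principals; in a page these would be this.User.
        IPrincipal clerk = new GenericPrincipal(
            new GenericIdentity("alice"), new string[] { "Clerk" });
        IPrincipal anonymous = new GenericPrincipal(
            new GenericIdentity(""), new string[0]);

        Console.WriteLine(OperationGuard.IsAllowed(clerk, "ViewOrders"));
        Console.WriteLine(OperationGuard.IsAllowed(clerk, "DeleteOrders"));
        Console.WriteLine(OperationGuard.IsAllowed(clerk, "ExportOrders"));
        Console.WriteLine(OperationGuard.IsAllowed(anonymous, "ViewOrders"));
    }
}
```

In a page, the same call would run before the data operation itself, with the request rejected when it returns false, so that hiding a button is never the only control.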
