Hello Brian,
Based on your description, you're going to develop a data-driven web
application through ASP.NET and want to perform role based security to
restrict different clients to perform certain data manipulation operations
in the web application, correct?
Based on my experience,here are some approaches you can consider:
1. For building data-driven web applications, ASP.NET (latest version 2.0)
has provided many rich UI controls for conveniently constructing a web
application which access data from backend data page and present the data
on web page. For general ASP.NET development information, you can visit the
following web sites:
http://www.asp.net/
http://msdn.microsoft.com/asp.net/
2. I've noticded that your main concern here is to provide security
authentication against client users and authorize certain users(with
certain roles) to access the resource they're allowed to access. Are the
users and roles here the windows account and groups or the custom users
and roles defined in your own database storage? In ASP.NET, you have the
following options:
1) If you're going to do authentication and authorization against windows
account and groups, you can configure the ASP.NET appilcation to use
windows authentication and also set the IIS virtual directory to use
intergrated windows authentication. Thus, we can get the authenticated
client user's windows identity in ASP.NET web application and then if some
pages are restricted to certain users, you can do the identity checking in
code and prevent any unauthorized users.
2) ASP.NET 2.0 also provide a well encapsulated Membership and role manager
framework which can help easily build web application that will
authenticate user against custom security account database and authroize
users against custom role database. Such application generally use Forms
Authentication and let the user input username/password credentials at the
login form. Here is a good blog article which listed many resources about
the membership and role management service in ASP.NET 2.0:
#ASP.NET 2.0 Membership, Roles, Forms Authentication, and Security
Resources
http://weblogs.asp.net/scottgu/archi...24/438953.aspx
3. As you also mentioned the AzMan, though it is not a naturally .net
managed based component, there are some resoruces introducing how to
integrate it in ASP.NET web application as security mechanism. Here is a
msdn article describing on this:
How To: Use Authorization Manager (AzMan) with ASP.NET 2.0
http://msdn.microsoft.com/library/en...9.asp?frame=tr
ue
All the above are some general information, you can have a look to see
whether any of them will suit your application scenario. And if you have
any further detailed or specific questions, please feel free to post here.
Sincerely,
Steven Cheng
Microsoft MSDN Online Support Lead
==================================================
Get notification to my posts through email? Please refer to
http://msdn.microsoft.com/subscripti...ult.aspx#notif
ications.
Note: The MSDN Managed Newsgroup support offering is for non-urgent issues
where an initial
response from the community or a Microsoft Support Engineer within 1
business day is
acceptable. Please note that each follow up response may take approximately
2 business days
as the support professional working with you may need further investigation
to reach the
most efficient resolution. The offering is not appropriate for situations
that require
urgent, real-time or phone-based interactions or complex project analysis
and dump analysis
issues. Issues of this nature are best handled working with a dedicated
Microsoft Support
Engineer by contacting Microsoft Customer Support Services (CSS) at
http://msdn.microsoft.com/subscripti...t/default.aspx.
==================================================
This posting is provided "AS IS" with no warranties, and confers no rights.
Similar Threads
