Access permission

  • Thread starter: Champika Nirosh

Champika Nirosh

Hi All,

We are about to develop a content management system that can view and edit
content online.

In our system, we have a file called "sample business letter".
Workers in our system are only allowed to read (online through IE) whatever
content they are permissioned to read.

There are two workers named w1 and w2, who belong to the worker role.

A requirement comes saying "DON'T ALLOW W2 TO READ THE 'SAMPLE BUSINESS
LETTER'".

Assume that both know the direct url of the file "sample business letter".

How can I achieve this...
Get me a direction

Thanks,
Regards,
Nirosh.
 
Nirosh,

I assume that you are developing an ASP.NET web application to achieve the
scenario that you detailed.

You therefore need to do two things:
1. Set up user authentication for your web application. In order to do this
you need to add an <authentication mode="Windows" /> or <authentication
mode="Forms"><forms loginUrl="loginForm.aspx" /></authentication> to your
web.config file (use Windows only if everyone is accessing the application
from a company LAN/WAN, use Forms if connecting from the general internet).

For Forms authentication you will need to add your own loginForm.aspx page
which accepts the username & password - check out MSDN library for more info.

For Windows authentication you will need to add <identity impersonate="true"
/> to web.config to force the application to run with the same domain user
credentials as the user on the client.

2. Enable role based authorization on the pages whose access you wish to
restrict. For windows authorization, you can simply set file access security
on the relevant web page files to allow the users who should have access and
deny those who shouldn't.

For Forms based security, you will have to add your own access logic to each
ASP.NET page which is accessed. If the user is not allowed access you can
(for example) use Server.Transfer to dump the user onto an "Unauthorised
Access" page.

I know this is all a bit complicated, but hopefully this will give you
enough information to find what you actually need in the online help.

Cheers,
Chris.
 
Hi Chris,

Thanks for the detailed help. It definitely gives me a direction to restrict
ASPX pages... it is also one part of this..

The section I need a little more clarification on is .. if I have some content
files that are not aspx.. let's assume they are some word documents.. which I
have to give different access permission for each user.. as an example if u1
and u2 belong to the same role but I may give read access/permission for u1
while given read/write access/permission to u2 for the same document.. can
you get me a hint on this line as well.

Thanks,
Nirosh.
 
Hi Nirosh,

There are two ways (that I can immediately think of) to achieve this. If you
are using windows authentication, then setup security as per my last post.

If you are using forms based authentication, then you can store the secured
data files outside of your web virtual directory (i.e. so you cannot access
them remotely via a URL), then add an aspx page to handle access to the
files. The code behind on this page will use the credentials of the
authenticated user to determine whether or not they should have access. If
they are allowed access, it then returns the file data only on the response
stream.

See http://www.codeproject.com/aspnet/imagehandler.asp for a definition of
this technique (the example is in VB, but the technique can easily be
transferred to C#).

Regards,
Chris.
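
The handler-page technique described in the post above, as an added example that is not part of the original thread: C# code-behind for a hypothetical GetDocument.aspx running under Forms authentication. The store path, the document id and the in-memory permission tables are assumptions made for illustration.

```csharp
// Added example: code-behind for a hypothetical GetDocument.aspx (all names assumed).
using System;
using System.Collections.Generic;
using System.IO;
using System.Web.UI;

public partial class GetDocument : Page
{
    // Folder outside every IIS virtual directory, so no URL maps to it (assumed path).
    private const string StoreRoot = @"D:\cms-store";

    // Constructed sample data: document id -> file name on disk.
    private static readonly Dictionary<string, string> Files =
        new Dictionary<string, string> { { "42", "sample business letter.doc" } };

    // Constructed sample data: document id -> users allowed to read it.
    // A real system would keep both tables in a database.
    private static readonly Dictionary<string, HashSet<string>> Readers =
        new Dictionary<string, HashSet<string>>
        {
            { "42", new HashSet<string>(StringComparer.OrdinalIgnoreCase) { "w1" } }
        };

    protected void Page_Load(object sender, EventArgs e)
    {
        // Forms authentication has already populated User; anonymous callers get nothing.
        if (!User.Identity.IsAuthenticated) { Deny(401); return; }
        // The client supplies only an id, never a path, so "..\" has nothing to act on.
        string id = Request.QueryString["id"];
        string fileName;
        if (id == null || !Files.TryGetValue(id, out fileName)) { Deny(404); return; }
        // Per-user check: w1 and w2 share the worker role, but only w1 is listed.
        HashSet<string> allowed;
        if (!Readers.TryGetValue(id, out allowed) || !allowed.Contains(User.Identity.Name))
        { Deny(403); return; }

        Response.Clear();
        Response.ContentType = "application/msword";
        Response.AddHeader("Content-Disposition", "attachment; filename=\"" + fileName + "\"");
        Response.TransmitFile(Path.Combine(StoreRoot, fileName));
        Response.End(); // stop here so no page markup is appended to the file
    }

    private void Deny(int status)
    {
        Response.Clear();
        Response.StatusCode = status;
        Response.End();
    }
}
```

Because the decision is keyed on the authenticated user name rather than the role, knowing the direct URL does not help w2: the request for id 42 ends in a 403 before any file bytes are read.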
 
Chris,

That sounds great ... I think that is what I was looking for..
Thanks for this..

Nirosh.
 
Hi Chris,

I was a bit overexcited earlier ...

Do you think that this same technique can be applied for an HTML page that
has images embedded in it as well..

I have some html files as well...
Nirosh.
 
Hi,

That might not be so easy. You can of course send an HTML file back to the
client using the same technique as the binary file, which will display as
normal in the browser. However the images in this HTML file would have to
have URLs as normal, and could therefore be accessed even if the HTML file
was blocked.

One other possibility would be to have two separate applications (i.e.
running under different IIS virtual directories). One being the generic
application, the other being the more secure application. You would have to
devise a method to ensure that the user only enters login details once for
both applications, and also have the problem that the applications cannot
share state.

Chris.
 
Thanks Chris,

I really appreciate your help..

I'll give a try on this line

Nirosh.
 