Form controls security

[Nikolay Petrov]

Hi everyone!
I am developing app, which should be used by users, which are members of
different groups.
These users and groups are stored in my SQL database and are custom for my
application, they are not Windows users.
Every user can be member of many groups.
What I need is a some kind of baseline, how to implement security in my app,
based on these users and groups.
By security I mean enabling and disabling different functionality of my app,
mosltly disabling controls.
Should I use some kind of ACL, or on every Form load event I should enable
or disable controls, based on the group membership of user.
Because I am a newbie, some source code will be helpfull.

TIA

 

[Jorge]

Hi Nikolay

This is how i implemented security on my company
managment system i currently develloping. I
enable/disable buttons , Main menus and Context menus
based the user at form load.

As you know there's a collections of controls in each
form, buttons and menus are controls BUT context menus
are components and are not listed in the controls
collection. So i had to use system.reflection to do it.
Below is the procedure i use to browse buttons
Imports System.Reflection

Public Sub BrowseButtons(ByVal f As Form)

Dim MyForm As Type = f.GetType()

Dim Fields As FieldInfo() = MyForm.GetFields
(BindingFlags.Instance Or BindingFlags.NonPublic)

For Each Field As FieldInfo In Fields
If Field.FieldType.Name = "Button" Then
Dim obj As Button = DirectCast(Field.GetValue(f),
Button)

WorkerID = 80 '' i am the admin and have access
to everything
NomeForm = f.Name
Button_ = obj
ControlName = obj.Name
SaveButton() '' saves the button the table
End If

Next

End Sub
The BrowseContextMenus and BrowseMainMenus are similar.
I have a table with a entry for each buttons/menus with
the worker id. By default i have acess to everything and
the other no acess, so when i browse the controls i save
a entry in the table with my worker id, this way if i had
an new button or contextmenu item it will be saved next
time i run the application.

When the form loads i do :
BrowseButtons(me)
BrowseContextMenus(me)
BrowseMainMenus(me)
EnableButtons(me)
EnableContextMenus(me)
EnableMainMenus(me)

And below is a line of the sql table i use

80 FormEnc System.Windows.Forms.MenuItem,
Items.Count: 0, Text: Tradução das Preconizações
System.Windows.Forms.ContextMenu, Items.Count: 23
3942



Kind Regards
Jorge

 

[Ken Tucker [MVP]]

Hi,

http://msdn.microsoft.com/library/d...incipalwindowsprincipalclassisinroletopic.asp

Ken
-----------------------------
Hi everyone!
I am developing app, which should be used by users, which are members of
different groups.
These users and groups are stored in my SQL database and are custom for my
application, they are not Windows users.
Every user can be member of many groups.
What I need is a some kind of baseline, how to implement security in my app,
based on these users and groups.
By security I mean enabling and disabling different functionality of my app,
mosltly disabling controls.
Should I use some kind of ACL, or on every Form load event I should enable
or disable controls, based on the group membership of user.
Because I am a newbie, some source code will be helpfull.

TIA

 

[Nikolay Petrov]

Ken, I don't need the Windows Users and Groups. I have my own users and
groups in DB.

My actual question is how to define some kind of ACL and use them on
controls.

 

[Cor Ligthert]

Nikolay,

Just an idea for your problem nothing more.

\\\
Private Sub Form1_Load(ByVal sender As Object, _
ByVal e As System.EventArgs) Handles MyBase.Load
Select case UserGroep
case 1
Dim ctrArr As Control() = New Control() {Textbox1, Textbox2}
For Each ctr As control In ctrArea
ctr.visible = true
Next
case 2
End select
End Sub
///

And than not this exact code however store the arrays per Form in a
database, and read that for the proper user group, which then would be very
effective in my idea.

Cor