J
Joe Rigley
Help Please!
I've been tasked with converting a portion of the corporate web site that
currently utilizes local user accounts and NTFS via Basic Authentication to
access certain files on the web site to an ASP .NET Forms Authentication
approach with SQL Server. I'm just getting comfortable with ASP .Net, but
strong in Classic ASP.
My issue lies with the multiple levels of security (or roles) required to
manage access to sub folders on the server. All users that successfully
authenticate via the DB will need access to a folder called Dealers. (I
fairly certain I can handle that part.) Within the Dealers folder, there
are two additional sub folders; Sales and Marketing. Some users will
require access to just Sales, some to only Marketing, some to both, and some
to neither. I am considering using a roles approach, like in AD, only the
roles and users info would be extracted from the DB during the
authentication process. A user could be associated to 1 or many roles like
DlrAccess, SalesAccess, and/or MktAccess to help manage access.
I would appreciate your help in how I can provide a single login approach
while still managing access to the aforementioned subdirectories. There's a
catch... I need to also managing access to non-Dot Net files, like .pdfs
and .docs.
I feel confident I could code this if I only had to work with .aspx pages.
However, I'm reached an impasse as to how I can support the other file
types. I know I can map the .pdf extension to the aspnet_isapi.dll.
Unfortunately, that doesn't allow me to access the roles returned from the
DB to determine if that user can access the requested file. And requiring
the user to log in multiple times is a last resort approach.
Can anyone help me out and offer another design to solve this dilemma???
Please Help!
-Rigs
I've been tasked with converting a portion of the corporate web site that
currently utilizes local user accounts and NTFS via Basic Authentication to
access certain files on the web site to an ASP .NET Forms Authentication
approach with SQL Server. I'm just getting comfortable with ASP .Net, but
strong in Classic ASP.
My issue lies with the multiple levels of security (or roles) required to
manage access to sub folders on the server. All users that successfully
authenticate via the DB will need access to a folder called Dealers. (I
fairly certain I can handle that part.) Within the Dealers folder, there
are two additional sub folders; Sales and Marketing. Some users will
require access to just Sales, some to only Marketing, some to both, and some
to neither. I am considering using a roles approach, like in AD, only the
roles and users info would be extracted from the DB during the
authentication process. A user could be associated to 1 or many roles like
DlrAccess, SalesAccess, and/or MktAccess to help manage access.
I would appreciate your help in how I can provide a single login approach
while still managing access to the aforementioned subdirectories. There's a
catch... I need to also managing access to non-Dot Net files, like .pdfs
and .docs.
I feel confident I could code this if I only had to work with .aspx pages.
However, I'm reached an impasse as to how I can support the other file
types. I know I can map the .pdf extension to the aspnet_isapi.dll.
Unfortunately, that doesn't allow me to access the roles returned from the
DB to determine if that user can access the requested file. And requiring
the user to log in multiple times is a last resort approach.
Can anyone help me out and offer another design to solve this dilemma???
Please Help!
-Rigs