Adding roles and permissions to a traditional web app?

We have a regular webforms asp.net application and we'd like to implement roles and permissions to it.

Essentially, the roles will allow the users to be able to see X webforms and Y controls within those webrforms. For example, there's a webform called Users.aspx. So there could be role VIEWER that can see the webform Users.aspx but they cannot add/modify anything (ie. textboxes would be read-only and submit button is not visible)

What would be the best way to do this? I was thinking of having a Role table and then having a Privileges with the webforms that a certain role can see and the controls (within that webform) that this role can see. So the privileges table could have a record for VIEWER, the webform this user would be able to see, and then the controls (within the webform) that this user could alter.

Is this possible?

Thanks.

Re: Adding roles and permissions to a traditional web app?

Why don't you use .net membership?

Re: Adding roles and permissions to a traditional web app?

I used and i made my Login system so, there were rolls i made..

Concentrate the Scenario:

its my Login Table

UserName ---- Password ---- CampusCode

MyName ---- 123PW ------- NK

On login page I Coded like this

str = "select * from login where Username =@username  and Password =@password";
            cmd = new SqlCommand(str, con);
            cmd.Parameters.AddWithValue("@username", txtUsername.Text);
            cmd.Parameters.AddWithValue("@password", txtPass.Text);
            
            sdr = cmd.ExecuteReader();
            if (sdr.Read())
            {
                Session["Campus"] = sdr["CampusCode"].ToString(); // then Responce.reditect to another page then

So I took value of Campus By Session now , on 2nd Page On top right i put the Label and Put the Session value of Campus.

then on page load i Programed like

if (Label.Text = "NK")

{

panel1.visible = false;

}

else if ( Label.Text = "2nd Campus etc")

{

Panel2.Visible = true;

}

More over you will have to work hard for it. but you can do better in asp.net Membership system.

Re: Adding roles and permissions to a traditional web app?

vmhatup
the roles will allow the users to be able to see X webforms and Y controls within those webrforms.

Roles based Authorization in ASP.NEt - http://msdn.microsoft.com/en-us/library/ff647401.aspx

for webforms you can do authorization, but for specific parts on page, you might need to write code to load those controls based on roles...

Thanks,

Re: Adding roles and permissions to a traditional web app?

Use ASP.NET membership provider and controls on a page can be controlled using role based authorization for example:

protected void Page_Load(object sender, EventArgs e)
    {
        if (!Roles.IsUserInRole("Admin"))
        {
            MenuItemCollection menuItems = mTopMenu.Items;
            MenuItem adminItem = new MenuItem();
            foreach (MenuItem menuItem in menuItems)
            {
                if (menuItem.Text == "Roles")
                    adminItem = menuItem;
            }
            menuItems.Remove(adminItem);
            someothercontrol.Visible=True;

        }
    }

Role Based Authorization:

http://www.asp.net/web-forms/tutorials/security/roles/role-based-authorization-cs