BizTalk Utilities CV ,   Jobs ,   Code library
 
Go to the front page to continue learning about XML or select below:

Contents

ReBlogger Contents

Previous posts in XML

 
 
CONTENTS
Page 1508 of 18424

Examining ASP.NET 2.0's Membership, Roles, and Profile - Part 12

Blogger : 4GuysFromRolla.com Headlines
All posts : All posts by 4GuysFromRolla.com Headlines
Category : XML
Blogged date : 2008 Jul 23

Several of the earlier installments in this article series examined how to apply authorization rules in order to prohibit particular users, roles, or classes of users from accessing particular resources. For instance, Part 2 showed how to define URL-based authorization rules in web.config for roles. With just a bit of XML markup, it is possible to block particular users or roles from visiting certain web pages. Just installments also looked at using the LoginView control, which displays different markup based on whether the user is authenticated or not (and can also be used to display different markup based on the currently logged in user's role). There are also programmatic techniques you can use to determine the identity of the currently logged on user and what roles she belongs to.

The URL-based authorization, LoginView control, and programmatic techniques can be used in tandem to ensure that a user does not visit a page or perform some operation if she is not authorized. But what if you forget to implement one of these safeguards? For example, imagine that you have a web page that includes a button that, when clicked, perform some task that is only intended for administrators. You could put this button in a LoginView control or you could use programmatic techniques to ensure that only users in the appropriate role (say, Admin) saw the button. But what if sometime later you, or another developer, removed this check by accident? The net result would be that any user visiting the page could perform the administrator-only operation! Whoops!

To reduce the likelihood of such security mishaps, the .NET Framework includes capabilities for declaratively asserting permissions (via attributes) on methods and classes. In a nutshell, you can add such attributes to ASP.NET pages, their code-behind classes, and your business logic and data access layers. With these attributes in place, your visitors will be barred from performing unauthorized actions, regardless of whether there are any security holes in the user interface. Read on to learn more!
Read More >

Read comments or post a reply to : Examining ASP.NET 2.0's Membership, Roles, and Profile - Part 12
CONTENTS
Page 1508 of 18424
Newest posts
WCF LOB | BizTalk 2006 R2 | WSE | WSCF/WCF | BizTalk Rule Engine | Biztalk Adapters | Orchestration / Workflow | BizTalk 2006 | BizTalk 2004 | BizTalk 2002 | BizTalk Server | SOA | SQLXML | XmlSerializer | WS, web services | .NET XML, System.XML | XSL/T | XML |
 

    Email TopXML