ASP.NET Impersonation design -


this asp.net authentication operation.

    private void loginbutton_click(object sender,                        eventargs e)     {         string username = txtusername.value;         string password = txtuserpass.value;          if (validateuser(txtusername.value, txtuserpass.value))         {             formsauthenticationticket tkt;             string cookiestr;             httpcookie ck;             tkt = new formsauthenticationticket(1, txtusername.value, datetime.now,                                                 datetime.now.addminutes(3), chkpersistcookie.checked,                                                 username + "@ticket");             cookiestr = formsauthentication.encrypt(tkt);             ck = new httpcookie(formsauthentication.formscookiename, cookiestr);             if (chkpersistcookie.checked)                 ck.expires = tkt.expiration;             ck.path = formsauthentication.formscookiepath;             response.cookies.add(ck);              string strredirect;             strredirect = request["returnurl"];             if (strredirect == null)                 strredirect = "myaccount.aspx";             response.redirect(strredirect, true);         }         else             response.redirect("logon.aspx", true);      }

i have user table in db credentials saved. using validateuser method doing credentials validation. have 3 type of users: member, moderator , administrator. each type of members has unique functionality. lets have a, b , c t-sql stored inside in db.

what should to let for:

member execute query.

moderator execute , b.

administrator execute a,b , c.

of course, can manage execution web app, not sure how safe is. technically can execute similar query outside of app, gives access db data. want somehow combine web app login , db access well.

thanks!

if these queries going come web app, think want manage code side invokes procedures.. maintain list of urls in database, assign roles, , give these roles access specific urls. these urls dictate queries user execute...

then in code assign custom attributes limit access them....


Comments

Post a Comment

Popular posts from this blog

java - Play! framework 2.0: How to display multiple image? -

i need display gallery of photos. here template: @(photos: list[photo]) @title = { <bold>gallery</bold> } @main(title,"photo"){ <ul class="thumbnails"> @for(photo <- photos) { <li class="span3"> <a href="#" class="thumbnail"> <img src="@photo.path" alt=""> </a> </li> } </ul> } and here controller method: public static result getphotos() { return ok(views.html.photo.gallery.render(photo.get())); } and here photo bean : @entity public class photo extends model { @id public long id; @required public string label; public string path; public photo(string path, string label) { this.path = path; this.label = label; } private static finder<long, photo> find = new finder<long, photo>( long.class, photo.class); public static list<phot...
Read more

gmail - Is there any documentation for read-only access to the Google Contacts API? -

i want read-only access user's google contacts. there stackoverflow member wanted this, , received following answer : yes, there is, use https://www.googleapis.com/auth/contacts.readonly scope , "view contacts". this exchange reference read-only access google contacts can find using google. simply using access token obtained attempt read usual google contacts api (i.e. https://www.google.com/m8/feeds ) fails insufficient permissions. similarly, using google contacts api on new target fails 404 errors (for example https://www.googleapis.com/auth/contacts.readonly/default/full ). is there documentation anywhere on how use api, or permissible way access google contacts api full read-write access?
Read more

php - Controller/JToolBar not working in Joomla 2.5 -

relevant code: jtoolbarhelper::custom('savecategories', 'save', '', 'save', false, false); ... <input type="hidden" name="controller" value="easyblogcontroller"> according can dig docs , own previous questions, should call savecategories() function in easyblogcontroller . i've tried setting value easyblog , easyblog.php (file name) current easyblogcontroller (class name). clicking on save button refreshes page. not redirect, echo or var_dump test code put in savecategories() function. var_dump ing jrequest::getvar('controller') , 'task' return correct values. creating controller object , using $controller->execute('task'); works. the values going depend on location of controller trying call, , have couple options here. typically there controller in base folder of component (likely components/com_easyblog) in file called controller.php , class name inside ...
Read more