Managing security - multiple users within a role requiring access to different content

Hi all

I've been helped out a lot with regards to roles/ membership etc. but have a couple of queries.

I have a group of people who have the role of PracticeManager. These people log in and are then forwarded to a folder/pages whereby they can submit documents relating to schemes they are involved in.

Each user on logging in must only see content which is specific to them, e.g. documents that they have uploaded and database content that they have created. Each user will upload similar documents and create similar rows in a database but cannot be allowed to view other people's submissions.

So as I see it I need to do the following.

  1. create a database table to contain information (name, address, practice etc) that is associated with each user.
  2. grab the user name from the users table of aspnetdb so that I can then grab the correct user profile from the above table.
  3. create session variables to track the user and ensure users are accessing their own content.

Any views? Are there better ways under asp.net?

Regards

Chubster


it wasn't me, a big boy did it and ran away
0
chubster
7/10/2007 3:22:42 PM

No need for session variables. Simply restrict content based on roles or even username (user.identity.name).

I have many applications which have similar requirements. When displaying records from a database, I simply pass user.identity.name to my stored procedure as a sql parameter, and then restrict the SELECT statement in my SP to "WHERE Username = @username", joining on whatever tables may be necessary for your database layout.

0
dvallone
7/10/2007 3:46:01 PM
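
The approach in the reply above, as an added example that is not part of the original thread. It goes one step beyond the listing case and applies the same username filter to a lookup by record id, so a user who guesses another user's id gets nothing back. The table, stored procedure and connection string names are assumptions.

```csharp
// Added example. Assumed schema: dbo.Documents(DocumentId int, Username nvarchar(256), Title nvarchar NOT NULL)
// and a hypothetical stored procedure:
//
//   CREATE PROCEDURE dbo.GetDocumentForUser @DocumentId int, @Username nvarchar(256) AS
//     SELECT DocumentId, Title FROM dbo.Documents
//     WHERE DocumentId = @DocumentId AND Username = @Username;
//
using System;
using System.Configuration;
using System.Data;
using System.Data.SqlClient;
using System.Web;

public static class DocumentStore
{
    // Returns the document title, or null when the row does not exist or
    // belongs to another user. The caller cannot tell the two cases apart.
    public static string GetTitleForCurrentUser(int documentId)
    {
        HttpContext ctx = HttpContext.Current;
        if (ctx == null || ctx.User == null || !ctx.User.Identity.IsAuthenticated)
            throw new UnauthorizedAccessException("Login required.");

        // Identity comes from the authentication ticket, never from the
        // query string, a form field or a session value a page can set.
        string username = ctx.User.Identity.Name;

        // "AppDb" is an assumed connection string name in web.config.
        string cs = ConfigurationManager.ConnectionStrings["AppDb"].ConnectionString;
        using (SqlConnection conn = new SqlConnection(cs))
        using (SqlCommand cmd = new SqlCommand("dbo.GetDocumentForUser", conn))
        {
            cmd.CommandType = CommandType.StoredProcedure;
            // Both values travel as typed parameters, so neither is
            // concatenated into SQL text.
            cmd.Parameters.Add("@DocumentId", SqlDbType.Int).Value = documentId;
            cmd.Parameters.Add("@Username", SqlDbType.NVarChar, 256).Value = username;

            conn.Open();
            using (SqlDataReader reader = cmd.ExecuteReader())
            {
                return reader.Read() ? reader.GetString(reader.GetOrdinal("Title")) : null;
            }
        }
    }
}
```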

Embarrassed. Now I really should have thought of that, shouldn't I? Simple but perfect.

Many thanks

chubster


it wasn't me, a big boy did it and ran away
0
chubster
7/10/2007 4:01:06 PM