.NET Tutorials, Forums, Interview Questions And Answers

Authorisation Against Roles and Additional Info

Posted By:      Posted Date: October 21, 2010    Points: 0   Category :ASP.Net

I wonder if anyone could help. I'm trying to use a custom Principal (with custom Identity) for security. This all works fine for logging in, out etc. I am now trying to limit access to unauthorised users within my code as follows:

[PrincipalPermission(SecurityAction.Demand, Role = "Buyer")]

Again, all is fine there. Except I need some more complicated rules, something along the lines of "Allow Admins. Allow Buyers, provided they have the correct department ID and are allowed to see this customer's credentials". All of that information exists within a database.

How can I go about doing this? 

Any help appreciated. 

More Related Resource Links

Remove stack trace, Additional Info, from log file


I am using the code below in web.config

<loggingConfiguration name="" tracingEnabled="true" defaultCategory="General">
      <add name="Rolling Flat File Trace Listener" type="Microsoft.Practices.EnterpriseLibrary.Logging.TraceListeners.RollingFlatFileTraceListener, Microsoft.Practices.EnterpriseLibrary.Logging, Version=5.0.414.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" listenerDataType="Microsoft.Practices.EnterpriseLibrary.Logging.Configuration.RollingFlatFileTraceListenerData, Microsoft.Practices.EnterpriseLibrary.Logging, Version=5.0.414.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" fileName=".\Logs\jeejix_error.log" footer="------------Error End----------------------------" formatter="Text Formatter" header="---------Error Start-------------------------------" rollFileExistsBehavior="Increment" rollInterval="Day" rollSizeKB="50" />
      <add type="Microsoft.Practices.EnterpriseLibrary.Logging.Formatters.TextFormatter, Microsoft.Practices.EnterpriseLibrary.Logging, Version=5.0.414.0, Culture=neutral, PublicKeyToken

ASP.NET forms authentication with roles

- A timeout is specified in minutes. This is "time since last request" not the "time since login". If a login is indicated to be persistent (described later) this is ignored.
- A protection method is specified for the cookie.
Next I wanted to specify a folder to which access is restricted to people who have logged in. To do this I entered the following code in the web.config file (beneath

Hard Code Roles on the Pages


If I hard-coded role=Manager on the specific SiteMap/Folder/Page/etc., I will have a problem when the manager needs to be removed from access to a specific page. I need to change the code on the page/SiteMap/Folder or move the file into another folder.

What I have in mind is to change the roles to be task-oriented, such as role=AddStock, Edit Stock, Delete Stock, Print DO, Add Sales, Edit Sales, Deleted Sales... (but it will be many roles for 1 user compared to just 1 as Manager).

Will this cause performance issues later when each user has 60 roles, and if I have 20,000 users, will it affect the application performance?

Otherwise, any other option to make it flexible?

Problem with changing language using culture info


I'm using the following MSDN article to use different languages in my web application:


I'm following the instructions step by step in VS 2010, and it creates the resource files exactly how it's supposed to. 

However, when I run the program it just doesn't apply it. I don't see the different values from the resource file. 

If I leave my resource file name as sample.aspx.resx, it works. But when I change it to sample.aspx.en-us.resx, it doesn't work. I'm supplying culture from the aspx page's Culture and UICulture properties. I'm being very careful in choosing the correct file name, as that could be the issue, but it just doesn't work. I also tried changing the culture in the backend code this way:

App Lockdown: Defend Your Apps and Critical User Info with Defensive Coding Techniques


Whether you're storing database connection strings, user credentials, or logon info, you'll need to practice good defensive programming techniques to avoid those surprise situations in which your data is exposed. In this article, author Kenny Kerr shows you how.

Kenny Kerr

MSDN Magazine November 2004

Windows Server 2003: Discover Improved System Info, New Kernel, Debugging, Security, and UI APIs


There's a lot to say about Windows Server 2003. First of all, it's the first operating system with built-in .NET Framework support, and it's the first 64-bit OS from Microsoft. But wait, there's more! There are lots of new features and APIs in this version as well. For instance, Windows Server 2003 features Hot Add Memory and a number of other arcane new tidbits. There are new APIs for handling threads, directories, and files, and new features like the low fragmentation heap for managing memory and system information. There's vectored exception handling and new UI APIs as well. OS internals expert Matt Pietrek takes a look at the additions he finds most interesting and useful so you'll have a good place to start when you dive into Windows Server 2003.

Matt Pietrek

MSDN Magazine June 2003

Spider in .NET: Crawl Web Sites and Catalog Info to Any Data Store with ADO.NET and Visual Basic .NE


Visual Basic .NET comes loaded with features not available in previous versions, including a new threading model, custom class creation, and data streaming. Learn how to take advantage of these features with an application that is designed to extract information from Web pages for indexing purposes. This article also discusses basic database access, file I/O, extending classes for objects, and the use of opacity and transparency in forms.

Mark Gerlach

MSDN Magazine October 2002

Propagate Error Info: Use ATL and C++ to Implement Error-Handling COM Objects


Predefined error codes returned from HRESULT aren't always much help for debugging COM C++ code. The C++ macros provided with this article produce an XML file listing the error and its context to make debugging easier. This article begins with an overview of error handling in COM, then discusses the COM interfaces used in the macros. It explains how C++ exceptions are caught and converted to COM-compatible error information, how events are logged with the event viewer, and how context is reported in the description string of IErrorInfo. The macros handle logic errors and errors returned by an object or API.

Panos Kougiouris

MSDN Magazine October 2000

Info on the Go: Wireless Internet Database Connectivity with ASP, XML, and SQL Server


Many handheld wireless devices such as cellular phones and PDAs already have the ability to access Web sites. So how do you build Web applications that tap this wireless audience? Although there are a number of limitations to wireless devices (such as screen size, navigation, and connection speed), you can use familiar Web development technologies to make your existing Web applications available to mobile users. This article outlines the services and equipment currently available to support wireless Web access. A sample wireless-accessible Web site that dynamically draws data from a SQL Server database back end in real time is created using tools such as ASP and XML.

Srdjan Vujosevic and Robert Laberge

MSDN Magazine June 2000

Say Goodbye to Quirky APIs: Building a WMI Provider to Expose Your Object Info


Windows Management Instrumentation (WMI) is the Microsoft implementation of Web-Based Enterprise Management (WBEM), an industry standard for managing computers. WMI exposes system information in accordance with the Common Information Model (CIM), also an industry standard. You need a WMI provider to expose system information to WMI to manage applications and devices. This article offers an in-depth discussion of how to write WMI providers using the WMI provider framework, and how to optimize performance.

Kevin Hughes and David Wohlferd

MSDN Magazine May 2000

Array List with unique id while adding student info

Hello Friends,

I have an ArrayList to add student info, but I have to create a unique id per record. Below is my class.

Student objStudent = new Student(123, "Nj");

public class Student
{
    private string name;
    private int RollId;

    public string Name
    {
        get { return name; }
        set { name = value; }
    }

    public int Id
    {
        get { return RollId; }
        set { RollId = value; }
    }

    // Constructor: takes the roll id and the name, matching new Student(123, "Nj")
    public Student(int id, string name)
    {
        this.name = name;
        RollId = id;
    }
}


How in web.config work in MVC



I would like to secure any URL below the http://MyServer/Admins and limit it to a specific role.

In WebForms it was straightforward. I just put a child web.config in the /Admin/ folder and add <authorization> <allow roles> tags to it.

What would be the equivalent technique in MVC?

Thank you,


Roles not updating


I have all my code in my other post about the checkboxlist issue, but it boils down to this: once I find someone doing my search, it displays their permissions as checkboxes. But if I want to remove a permission and click update, the update doesn't seem to occur. If I search on myself, it returns me with my permissions already checked. I uncheck 1 permission, click update and the checkbox is checked again as the page posts.

Original Post:

My aspx page seems pretty simple:

<asp:Content ID="Content2" ContentPlaceHolderID="MainContent" runat="server">
    <div>Enter UserName: 
        <asp:TextBox ID="TxtUserName" runat="server" /><asp:Button ID="LookupBtn" runat="server" Text="Search" onclick="LookupBtn_Click" />
    </div>
    <div class="roleList">
        <asp:CheckBoxList ID="RoleList" runat="server" /><br />
        <asp:button ID="UpdateBtn" text="Update" Visible="false" runat="server" onclick="UpdateBtn_Click" />
    </div>
</asp:Content>

My update button event and update method:
