How do I implement page authorizaton in ASP.NET using a SQL store instead of web.config?
Posted
by drachenstern
on Stack Overflow
See other posts from Stack Overflow
or by drachenstern
Published on 2010-02-12T00:22:24Z
Indexed on
2010/05/16
3:50 UTC
Read the original article
Hit count: 362
For instance, the way we're doing it now is like thus: (in the web.config)
<location path="somePath">
<system.web>
<authorization>
<allow roles="approvedRoles"/>
<deny users="*"/>
</authorization>
</system.web>
</location>
And what I would like to do instead is to store this information in SQL somewhere so that we can manipulate the information more easily. But we want to keep the same functionality that having the information in web.config provides, just like we can use a SqlRoleProvider instead of hardcoding roles in the app. So in other words, if a user currently tries to goto "somePath" and they're not a member of "approvedRoles" then they get redirected back to default.aspx, and if they are a member of "approvedRoles" then they get the page. I want to do the same thing, but without using web.config as the authorization mechanism.
So what I'm NOT asking is how do I go about defining roles, or how do I handle logging in to the database, but specifically how do I store the above information in SQL instead of web.config. Actually, I'll take "anywhere but web.config" for now.
Any ideas? Is this possible using a "Provider" class? I'm just looking for pointers on what to inherit and maybe some technet documentation. In this regard my googlefoo is lacking since I don't really know where to point. Am I really only looking for AzMan? Is this location-authorization-via-SQL already defined in the default aspnetdb somewhere and I'm missing it?
For that matter, has this question already been asked on SO and I've missed it? What would you google?
© Stack Overflow or respective owner