Authentication System for ASP.NET Web Applications?

I have a question:

How do I create a role-based web application? For example, forum sites have many types of users: administrator, moderator, etc. Are the roles of these user types stored in the database or web.config? And when a user visits our site, how do you manage these user roles? In short, I want to learn about authorization and authentication.

Thanks.



3 answers


@Mavera:

Basically, it's the concept of having your own user table in your own database where you can manage permissions and store login details (hash properly, of course). In the case of a tiered permission scheme, I usually use two or more tables, for example:

TblUsers:
-----------------------------------------------------------------
| UserID (PK) | UserName | HashedPassword | PermissionLevel (FK)|
|---------------------------------------------------------------|
|     1       | BobTables| adfafs2312     |         2           |
-----------------------------------------------------------------

TblPermissions:
--------------------------------------
|  PermissionID (PK) | Description   |
|------------------------------------|
|         1          |     User      |
|         2          |   SuperUser   |
|         3          |     Admin     |
--------------------------------------

      

You can add a third table that contains a one-to-many relationship between TblPermissions, which provides the actual capabilities that the user may be allowed to do.



The user's request would be as simple as:

-- @UserID is a bound parameter; table and column names match the tables above.
SELECT TblUsers.UserName, TblPermissions.Description
    FROM TblUsers, TblPermissions
    WHERE TblUsers.UserID = @UserID
    AND TblUsers.PermissionLevel = TblPermissions.PermissionID;

      

Create your own class to encapsulate this information and store it in your ASP.NET session at login.

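An added example, not code from the answer above: one way to "hash properly" for the HashedPassword column and to hold the tiered PermissionLevel in a session object. It assumes .NET 6 or later and picks PBKDF2, which the answer does not name; `SessionUser`, `PasswordHasher` and `Demo` are hypothetical names, and the iteration count is an assumed work factor.

```csharp
using System;
using System.Security.Cryptography;

// Mirrors TblPermissions (PermissionID -> Description).
public enum PermissionLevel { User = 1, SuperUser = 2, Admin = 3 }

// Hypothetical class for what is kept in session after login.
public sealed record SessionUser(int UserId, string UserName, PermissionLevel Level)
{
    // Tiered check: a higher level includes the ones below it.
    public bool HasAtLeast(PermissionLevel required) => Level >= required;
}

public static class PasswordHasher
{
    private const int SaltBytes = 16, HashBytes = 32;
    private const int Iterations = 600_000; // assumed work factor, tune per hardware

    // Produces "iterations.salt.hash" (Base64) for the HashedPassword column.
    public static string Hash(string password)
    {
        byte[] salt = RandomNumberGenerator.GetBytes(SaltBytes);
        byte[] hash = Rfc2898DeriveBytes.Pbkdf2(password, salt, Iterations, HashAlgorithmName.SHA256, HashBytes);
        return $"{Iterations}.{Convert.ToBase64String(salt)}.{Convert.ToBase64String(hash)}";
    }

    // Re-derives with the stored salt and count, then compares in constant time.
    public static bool Verify(string password, string stored)
    {
        string[] parts = stored.Split('.');
        if (parts.Length != 3 || !int.TryParse(parts[0], out int n) || n <= 0) return false;
        try
        {
            byte[] salt = Convert.FromBase64String(parts[1]);
            byte[] actual = Rfc2898DeriveBytes.Pbkdf2(password, salt, n, HashAlgorithmName.SHA256, HashBytes);
            return CryptographicOperations.FixedTimeEquals(actual, Convert.FromBase64String(parts[2]));
        }
        catch (FormatException) { return false; } // malformed stored value
    }
}

public static class Demo
{
    public static void Main()
    {
        string stored = PasswordHasher.Hash("correct horse"); // constructed sample password
        var bob = new SessionUser(1, "BobTables", PermissionLevel.SuperUser);
        Console.WriteLine(PasswordHasher.Verify("correct horse", stored) && !PasswordHasher.Verify("wrong", stored));
        Console.WriteLine(bob.HasAtLeast(PermissionLevel.User) && !bob.HasAtLeast(PermissionLevel.Admin));
    }
}
```

Storing the iteration count next to the salt lets the work factor be raised later without invalidating existing rows.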




I found that built-in authorization schemes are great for simple situations where you only need to authenticate who can log in and who can leave, but not suitable for special situations like having special admin accounts, etc.

In these situations, I have created my own authentication scheme.
