I am trying to create an application that is based on module level security. The idea is we would have a user login, grab there roles, grab the pages those roles have access to then in those pages grab the modules they have access to then the functions inside the modules they have access to (list, create, edit, delete). That way in an admin screen someon could allow or deny modules and module functions to groups.
Has anyone seen any sample projects like this or have ANY clue on how to implement this? I would really like to try this on a n-layer architecture.
Create your site with a basic membership system. Group your pages into folders and have Web.Config files in each to control access. This is all out-of-the-box functionality for the most part. The only custom code you would have to write is when creating an admin form.
As for the fine grain access, if they can’t access the pages, they can’t access their methods…
http://msdn.microsoft.com/en-us/library/yh26yfzy.aspx
UPDATE:
if User.IsInRole(“Administrator”)…
https://web.archive.org/web/20181010194753/http://www.4guysfromrolla.com:80/articles/082703-1.2.aspx
On the same page, in the code-behind, you can check their roles programmatically and display/enable panels/modules accordingly 🙂