I have an ASP.Net Web Forms application in which I’m using forms-based authentication with Membership and Role providers, which is fine for authenticating and controlling access to directories and/or files. Now I find myself needing to control read, write and delete access on individual entity instances, for example being able to update or delete an instance of a customer. I’ve been trying to think of a good way to implement this but I don’t really know where to start. I read about the Authorize attribute in ASP.Net MVC and thought it would be nice to have something analogous–decorating methods the way you can controller actions in ASP.Net MVC. I don’t know of any out of the box way to accomplish this in the Web Forms world though, and don’t know of any frameworks or other tools that might help me move in that direction. Any suggestions, both in terms of existing solutions and/or how to design my own implementation would be greatly appreciated.
I have an ASP.Net Web Forms application in which I’m using forms-based authentication with
Share
The easiest way is to demand that the user is a member of the role(s) required for the method in question with
PrincipalPermissionAttribute.Note that this means Supervisor OR Owner can
DeleteSomething().