Home/ Questions/Q 6638111
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-25T23:23:44+00:00

Problem ASP.NET has no concept of associating permissions to roles. My app Current web

  • 0

Problem

ASP.NET has no concept of associating permissions to roles.

My app

Current web application is using custom user membership and role providers. The app has 4 roles: superuser, admin, principal, and teacher. When the user logs in, they are redirected to their appropriate UI. For example, admins are redirected to admin interface, teachers are redirected to teacher interface. Each interface has its own master page and aspx pages. A new requirement is that teachers are no longer allowed to view specific information or do specific functions. Information could be a field or a row in a gridview control, it could be functional as well (e.g. not able to click on a link to open a popup window, but still be able to see the link’s text). Other roles also have need of specific “permission” requirements, but completely different than the teachers ones.

Proposed Solution

Create a database table to centralize mapping of permissionsToRoles like so:

CREATE TABLE [dbo].[PermissionToRole](
    [PermissionID] [int] IDENTITY(1,1) NOT NULL primary key,
    [Role] int NOT NULL,
    [Control] [varchar](50) NOT NULL,
    [ControlType] [varchar](50) NOT NULL,
    [Function] [varchar](50) NOT NULL,
    [Read] [bit] NULL,
    [Write] [bit] NULL,
    [Execute] [bit] NULL,
    [Delete] [bit] NULL
)

Using the link example above we would get something like: “teacher”,
“labelName”, “asp:label”, “click”, 1, 0, 0, 0 (can read the link but
not “execute” the click)

The plan is to be able to do a few things:

  1. Use permissions to consolidate multiple aspx and logic into a single page (aspx). To reduce maintenance every time a new role is needed.
  2. Control at a all levels (tab -> control) a roles’ aka groups’ permissions. E.g. use this table to control visibility of controls at every level (tab, page, control). As well as individual functionality (e.g. click on a link control)
  3. Control what data is returned to the UI and what CRUD operations are allowed.

Are there frameworks out there for ASP.NET that can do this already? I’m pretty sure Content Management Systems (CMS) can do this, but this app will not use a CMS :). I really want to avoid reinventing the wheel.

Thanks!

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    Decided on trying NetSqlAzMan because:

    • Not COM and IS .NET 4
    • RDBMS for Data Store
    • AOP (Aspect Oriented Programming) (Can use attributes instead of massive if/else checks)
    • Lously coupled
    • Handles Permissions to Roles scenarios
    • Free
    • 0