Hi All,
My site is using forms authentication with both users and roles.
I use small web.config files to deny/allow access to directories for specific users or roles.
Those file look similar to this:
<?xml version="1.0"?><configuration><system.web><authorization><allow roles="Admins, Coaches, Athletes"/><deny users="*, ?"/></authorization></system.web></configuration>
The above works.
My site has two groups of users; athletes and coaches.The configuration of which user is a coach of which athlete is done in the database.
I now need to create the following:
My site will generate athlete specific reports. Those reports should only be visible for that specify athlete and also to his/her coach. Each athlete will get its own directory on the server.
To accomplish this i could place a web.config file into each directory with the following content:
<?xml version="1.0"?><configuration><system.web><authorization><allow users="AthleteName"/><allow users="CoachName"/><deny users="*, ?"/></authorization></system.web></configuration>
This would probably work. My problem is:
New users can be added to the site at any time through a membership page.
The coach/athlete configuration is done in the database and can change at any time. It can also change through a back-end system which is not part of my site.
Instead of having a static web.config i was looking for a more dynamic way of access authorisation to directories.
Does anybody have a good idea?
Thanks in advance.