
Help with authorisation and custom per page role question

Hi all,

First post on here so be gentle... I am a C# developer who has programmed one or two minor web apps and a few Windows apps using the .NET Framework. I generally love the APIs available, but am having problems at the design stage of what will be a pretty major web application. The app will utilise SQL Server for the user and app data store and probably .NET 4 (non-MVC, as I don't wish to learn a new technology yet again). I may go for an earlier version; I haven't decided yet.

I have been doing a fair bit of looking into the membership APIs and associated providers and, for various reasons, don't want to use the default membership provider with profile provider, as I really don't like how the extra user data is serialised in a single column (my app has lots of non-serialisable user data requiring storage) on the SQL Server. I would also prefer to develop my own administrative ASP.NET pages and code, as the app is heavily roles dependent and would need some pretty heavy customisation of the existing APIs and autogenerated code to get it to work.

The plan at the moment is as follows: custom login code with a check against a hashed password stored on the SQL back end. I plan to write a custom role provider, but here is where I hit a problem. As I will be using the authentication `RedirectFromLoginPage` method, together with a custom role provider, how do I link up my authentication code with the role provider? I am assuming the role data is normally stored in the authentication ticket cookie; how can I pass an integer or string array to this ticket to utilise role authorisation on a per page basis? (Assuming this is how membership does it.) I would like to use the config XML to configure location-based role permissions, but unless I code the authentication cookie with user role data, I don't see how the web application will know whether the authed user has the required role in their user account.

I was planning on writing a custom per page authorisation method, which would check role permissions against the server, but this is going to hammer the back end and, in the interests of scalability, I would prefer to use the config roles section. (Assuming that this uses the auth ticket cookie to confirm the user roles.)

This is probably a very confusing post, if you have any questions required for clarification. Programming isn't my primary job and I don't have loads of time to learn extra technologies unfortunately. I just need a very robust, secure and user friendly application which allows me to store non-serialisable user data, as well as allowing me to come up with some funky ways of dealing with multi-tiered role permissions, based upon global roles, local roles and roles for the company hierarchy, based upon location.

Thanks! (For some reason this page isn't parsing my returns, hence the lack of paragraphs, sorry!)
