|
dev
newsgroups
|
|||||||||||||||||||||||
|
|||||||||||||||||||||||
Security ModelI am designing a new Windows Forms client application (with SQL Server db on
the back end) for which users will authenticate via NT authentication (network), or SQL Server authentication. Users who are granted access to the application must also be granted access to specific forms and controls on forms. The menu must show/hide items based on the user's access level. Also, some controls should allow editing by some users but not others (based on their security level). My first thought is to have a static class that gets populated when the user is authenticated. This static class would contain "user profile data", one piece of which is some "security access level" value. Then the menu and all forms (in their form_load event procedure) look to that static class to determine what controls to enable/disable/hide. What do you think about that? Is there some [other] standard/better way to accomplish the security objectives? Thanks!
Show quote
Hide quote
"Jeff" <A@B.COM> wrote in message 1) Create boolean properties in the class (eg Level3Enabled, Level1Visible news:uADfIbFJGHA.3936@TK2MSFTNGP12.phx.gbl... >I am designing a new Windows Forms client application (with SQL Server db >on the back end) for which users will authenticate via NT authentication >(network), or SQL Server authentication. Users who are granted access to >the application must also be granted access to specific forms and controls >on forms. The menu must show/hide items based on the user's access level. >Also, some controls should allow editing by some users but not others >(based on their security level). > > My first thought is to have a static class that gets populated when the > user is authenticated. This static class would contain "user profile > data", one piece of which is some "security access level" value. Then the > menu and all forms (in their form_load event procedure) look to that > static class to determine what controls to enable/disable/hide. > > What do you think about that? Is there some [other] standard/better way to > accomplish the security objectives? > > Thanks! or possibly just Level3Authorized) ensuring that if you have Level3Enabled then also Level2Enabled etc. 2) Bind the Visible,Enabled and/or Editable properties of the controls/forms to these properties Probably better to set the secuity object as a property of the form - it's more flexible.  
Other interesting topics
Recommendations for graphical application
DoubleClick Event Won't Fire Project Data Source Using Derived Interface Databinding between two forms in .NET 2.0 Recommendations for graphical application Excel => .NET...Grid, Chart multiple forms/common menu structure Odd behavior with .NET 2.0 winforms 'DisplayMember' is not a member of 'System.Windows.Forms.ListView'. code clean up |
|||||||||||||||||||||||
