Click here to Skip to main content
15,881,882 members
Search within:


Articles / Web Development / ASP.NET
 

Extending ASP.NET role based Security with Custom Security Module (Permission Based, Page Level Authorization)

Rate me:
Please Sign up or sign in to vote.
4.80/5 (18 votes)
11 Nov 2011Ms-PL5 min read 107.7K   9.3K   74  
This project intends to extend the default ASP.NET role based Security to include Permission Based / Page Level Authorization Layer. Works with both ASP.NET and ASP.NET MVC. Permission rules to Allow/Deny access to website resources (like "Folder/File.aspx" or "Controller/Action") are stored in DB.
 
<?xml version="1.0"?>
<configuration xmlns="http://schemas.microsoft.com/.NetConfiguration/v2.0">
  <configSections>
    <section name="log4net" type="log4net.Config.Log4NetConfigurationSectionHandler,log4net"/>
    <section name="hibernate-configuration" type="NHibernate.Cfg.ConfigurationSectionHandler, NHibernate"/>
  </configSections>
  <appSettings/>
  <connectionStrings>
    <!--<add name="SqlServices" connectionString="Data Source=.\SQLEXPRESS;AttachDbFilename=|DataDirectory|AadhaarMS.MDF;Integrated Security=True;User Instance=True" providerName="System.Data.SqlClient"/>-->
      <add name="SqlServices" connectionString="Data Source=.\sqlexpress;AttachDbFilename=|DataDirectory|AadhaarMS.MDF;Integrated Security=True;User Instance=True" providerName="System.Data.SqlClient" />
  </connectionStrings>
  <system.web>
    <authentication mode="Forms">
      <forms name="crew-x-change" loginUrl="login.aspx"/>
    </authentication>
    <authorization>
      <deny users="?"/>
    </authorization>
    <!-- membership provider -->
    <membership>
      <providers>
        <clear/>
        <add name="AspNetSqlMembershipProvider" type="System.Web.Security.SqlMembershipProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" connectionStringName="SqlServices" enablePasswordRetrieval="false" enablePasswordReset="true" requiresQuestionAndAnswer="false" requiresUniqueEmail="false" passwordFormat="Hashed" maxInvalidPasswordAttempts="5" minRequiredPasswordLength="6" minRequiredNonalphanumericCharacters="0" passwordAttemptWindow="10" passwordStrengthRegularExpression="" applicationName="Aadhaar"/>
      </providers>
    </membership>
    <!-- role provider -->
    <roleManager defaultProvider="AspNetSqlRoleProvider" enabled="true" cacheRolesInCookie="true" cookieName=".ASPROLES" cookieTimeout="30" cookiePath="/" cookieRequireSSL="true" cookieSlidingExpiration="true" cookieProtection="All">
      <providers>
          <clear/>
        <add name="AspNetSqlRoleProvider" type="System.Web.Security.SqlRoleProvider" connectionStringName="SqlServices" applicationName="Aadhaar"/>
      </providers>
    </roleManager>
    <!--Not enabled Yet because of some bug as unable to fetch data at "Profile.ByUserId"-->
      <profile defaultProvider="AspNetSqlProfileProvider">
          <providers>
              <clear />
              <add name="AspNetSqlProfileProvider"
                type="System.Web.Profile.SqlProfileProvider"
                connectionStringName="SqlServices"
                applicationName="Aadhaar"
                description="AspNetSqlProfileProvider for Aadhaar" />
          </providers>
      <properties>
          <add name="Name" type="string"/>
          <add name="Surname" type="string"/>
          <add name="Company" type="string"/>
          <add name="Phone" type="string"/>
          <add name="PostalCode" type="string"/>
        <add name="TimeZone" type="string"/>
      </properties>
    </profile>
    <!-- 
            Set compilation debug="true" to insert debugging 
            symbols into the compiled page. Because this 
            affects performance, set this value to true only 
            during development.
        -->
    <compilation debug="true"/>
    <!--
            The <authentication> section enables configuration 
            of the security authentication mode used by 
            ASP.NET to identify an incoming user. 
        -->
    <customErrors mode="RemoteOnly" defaultRedirect="error.aspx"/>
    <pages>
      <namespaces>
        <add namespace="System.Data"/>
        <add namespace="System.IO"/>
      </namespaces>
    </pages>
    <httpModules>
      <add type="Aadhaar.Security.ADHPermissionsModule, Aadhaar.Data" name="ADHPermissionsModule"/>
    </httpModules>
  </system.web>
  <hibernate-configuration xmlns="urn:nhibernate-configuration-2.2">
    <session-factory name="Aadhaar.Data">
      <property name="dialect">NHibernate.Dialect.MsSqlCeDialect</property>
      <property name="connection.provider">NHibernate.Connection.DriverConnectionProvider</property>
      <property name="connection.connection_string">Data Source=.\sqlexpress;AttachDbFilename=|DataDirectory|AadhaarMS.MDF;Integrated Security=True;User Instance=True</property>
      <property name="connection.driver_class">NHibernate.Driver.SqlClientDriver</property>
      <property name="show_sql">false</property>
      <property name="connection.release_mode">auto</property>
      <property name="adonet.batch_size">500</property>
      <property name="max_fetch_depth">1</property>
      <mapping assembly="Aadhaar.Data" />
    </session-factory>
  </hibernate-configuration>
  <log4net>
    <appender name="AdoNetAppender" type="log4net.Appender.AdoNetAppender">
      <bufferSize value="100"/>
      <connectionType value="System.Data.SqlClient.SqlConnection, System.Data, Version=1.0.3300.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"/>
      <connectionString value="Data Source=.\sqlexpress;AttachDbFilename=|DataDirectory|AadhaarMS.MDF;Integrated Security=True;User Instance=True"/>
      <commandText value="INSERT INTO Log ([Date],[Thread],[Level],[Logger],[Message],[Exception]) VALUES (@log_date, @thread, @log_level, @logger, @message, @exception)"/>
        <parameter>
            <parameterName value="@log_date" />
            <dbType value="DateTime" />
            <layout type="log4net.Layout.RawTimeStampLayout" />
        </parameter>
        <parameter>
            <parameterName value="@thread" />
            <dbType value="String" />
            <size value="255" />
            <layout type="log4net.Layout.PatternLayout">
                <conversionPattern value="%thread" />
            </layout>
        </parameter>
        <parameter>
            <parameterName value="@log_level" />
            <dbType value="String" />
            <size value="50" />
            <layout type="log4net.Layout.PatternLayout">
                <conversionPattern value="%level" />
            </layout>
        </parameter>
        <parameter>
            <parameterName value="@logger" />
            <dbType value="String" />
            <size value="255" />
            <layout type="log4net.Layout.PatternLayout">
                <conversionPattern value="%logger" />
            </layout>
        </parameter>
        <parameter>
            <parameterName value="@message" />
            <dbType value="String" />
            <size value="4000" />
            <layout type="log4net.Layout.PatternLayout">
                <conversionPattern value="%message" />
            </layout>
        </parameter>
        <parameter>
            <parameterName value="@exception" />
            <dbType value="String" />
            <size value="2000" />
            <layout type="log4net.Layout.ExceptionLayout" />
        </parameter>
    </appender>
    <appender name="NHibernateFileLog" type="log4net.Appender.FileAppender">
      <file value="logs/nhibernate.txt"/>
      <appendToFile value="false"/>
      <layout type="log4net.Layout.PatternLayout">
        <conversionPattern value="%d{HH:mm:ss.fff} [%t] %-5p %c - %m%n"/>
      </layout>
    </appender>
    <logger name="NHibernate.SQL" additivity="false">
      <level value="ALL"/>
      <appender-ref ref="NHibernateFileLog"/>
      <appender-ref ref="AdoNetAppender"/>
    </logger>
    <logger name="Aadhaar" additivity="false">
      <level value="ALL"/>
      <appender-ref ref="AdoNetAppender"/>
    </logger>
  </log4net>
  <location path="Logout.aspx">
    <system.web>
      <authorization>
        <allow users="*"/>
      </authorization>
    </system.web>
  </location>
  <location path="Register.aspx">
    <system.web>
      <authorization>
        <allow users="*"/>
      </authorization>
    </system.web>
  </location>
  <location path="error.aspx">
    <system.web>
      <authorization>
        <allow users="*"/>
      </authorization>
    </system.web>
  </location>
</configuration>

By viewing downloads associated with this article you agree to the Terms of Service and the article's licence.

If a file you wish to view isn't highlighted, and is a text file (not binary), please let us know and we'll add colourisation support for it.

License

This article, along with any associated source code and files, is licensed under The Microsoft Public License (Ms-PL)


Written By
amitthk
Software Developer (Senior)
Singapore Singapore
I love programming, reading, and meditation. I like to explore management and productivity.

Comments and Discussions

Permalink
Advertise
Privacy
Cookies
Terms of Use
Layout: fixed | fluid

Posted 8 Nov 2011

Article Copyright 2011 by amitthk
Everything else Copyright © CodeProject, 1999-2024

Web02 2.8:2024-04-02:1