1. ASP.NET Introduction 2. Comp of .Net Framework 3.5 3. Sys.Req for VS 2008 4. ASP.NET Envrmnt Setup 5. VS2010 Ultimate Sys.Req 6. Installing VS 2010 7. VS 2012 Sys.Req 8. Installing VS Exp 2012 9. Start the VS 2008 10. Application Life Cycle 11. Page Life Cycle 12. Page Life Cycle Events 13. ASP.NET Example 14. Event Handling 15. Default Events 16. Server Side 17. Request Object 18. Response Object 19. Server Controls 20. Server Controls Properties 21. Server Controls Methods 22. HTML Server Controls 23. Client Side 24. ASP.NET Basic Controls 25. TextBox Control 26. CheckBox Controls 27. RadioButton Controls 28. ListBox Control 29. HyperLink Control 30. Image Control 31. BulletedList Control 32. ASP.NET Directives 33. Implements Directive 34. Master Type Directive 35. Page Directive 36. PreviousPage Type 37. Managing State 38. Control State 39. Cookies 40. Query Strings 41. Server-Side State 42. Session State 43. Validation Controls 44. Required FieldValidator 45. Range Validator 46. Compare Validator 47. RegularExpressionValidator 48. Custom Validator 49. Validation Summary 50. Data Source Control 51. AdRotator Control 52. Calendar Control 53. Calendar Control Example 54. Panel Control 55. Panel Control Example 56. Multi Views Control 57. MultiView & View controls 58. MultiView Control Example 59. FileUpload Control 60. FileUpload Control Eg 61. AJAX Control 62. UpdatePanel control 63. UpdateProgress Control 64. Custom Controls 65. Custom Control Eg 66. Personalization 67. Create Simple Profile 68. ADO.NET 69. ADO.NET Objects 70. DataTable 71. DataRow 72. DataColumn 73. Object Example 74. Error Handling 75. Tracing Errors 76. Debugger 77. Security 78. Authentication 79. Authorization 80. LINQ 81. LINQ Query Operators 82. LINQ Example 83. Caching 84. Data Caching 85. Output Caching 86. Object Caching 87. Web Services 88. Create Web Services Eg 89. Web & Machine.config 90. Settings Schema 91. ASP.NET Deployment 92. XCopy Deployment 93. Web Setup Project 94. ASP Interview Part 1 95. ASP Interview Part 2 96. ASP Interview Part 3 97. ASP Interview Part 4 98. ASP Interview Part 5 99. ASP Interview Part 6
Pr.Pg Next Pg

Authorization tutorials

  • The IIS server can be configured to control the resources that can be accessed by users.You can control the access permissions on an IIS Web site by marking the allowed operations on the Web site. The different permission levels include the following:

    1. Read: Allows users to retrieve and read the content stored in the virtual directory. This permission is assigned to most virtual directories.

    2. Write: Allows users to retrieve and modify the content stored in the virtual directory. If a Web site is open to receiving content over the HTTP protocol, the virtual directory used to store the received files must have the write permission. A typical example of this would be a virtual directory that stores the files that are uploaded as attachments to e-mail messages.

    3. Script source access: Allows users to view the source code of any server-side program.

    4. Directory browsing: Allows users to view the contents of the entire virtual directory. This is similar to viewing an FTP folder.

    5. Log visits: Keeps track of the number of users who visit the site, and records information about various details, such as the IP address of the client and the resources that are requested for.

    6. Index: Uses Microsoft Index Server to index the virtual directory. The contents of the directory can be retrieved in a search result using the Index Server.

  • In addition to the IIS permission levels, NTFS permissions can also be used to secure the files and directories on a Web server. The following are the different access permissions that can be assigned to users and groups for the files and directories on the server:
    1. Full Control: Allows users to have complete control on files and/or directories.

    2. Modify: Allows users to modify the contents of files and/or directories.However, users will not be able to delete files and/or directories.

    3. Read & Execute: Allows users to read the contents of the existing files and/or directories and execute any application stored in that folder. However, users will not be able to modify the contents of the files and/or directories.

    4. List Folder Contents: Allows users to view the contents of the folder. However, users will neither be able to read the contents of any file in the folder nor modify any contents.

    5. Write: Allows users to make changes to files and/or directories.

    6. No Access: Does not allow any access to files and/or directories.


Role-based Security

  • A role is a named set of users that have the same privileges with respect to security. For example, sales agent and sales manager are two different roles. Each role has the same security privileges. A user can be a member of one or more roles.

  • Applications can readily use role membership to determine whether or not a user is authorized to perform a requested action. Roles are like groups in the sense that multiple users can belong to a role and a user can also belong to multiple roles.

  • Although roles are logically equivalent to security groups, there is a major difference. Roles are always specific to an application, whereas typically groups are not specific to any application they are defined at the operating system level.

  • Roles are often used in Web applications to enforce security authorization policy. For example, an online banking application may impose a limit of $500,000, which cannot be exceeded by a teller in a single debit or credit transaction only a manager can conduct this transaction. In such a situation, you can configure the application to allow the tellers to process transactions that are less than $500,000 and managers to process transactions that exceed $500,000.

  • Microsoft, first, introduced support for defining application roles in Microsoft Transaction Server (MTS) and extended this further with the release of COM+ 1.0 in Windows 2000. With the launch of the Microsoft .NET Framework, the support for role-based security has been extended further. The .NET Framework provides role-based security support that is flexible and extensible enough to meet the needs of a wide spectrum of applications.

  • For Example:   a user User1 might belong to group Administrators and the same role can be used in ASP.NET applications. You can check whether a user belongs to a particular role or not you need to write something like this: 



//display all options




//display limited options


Here, the IsInRole () method is used to check whether a given user has a given role.


Pr.Pg border                                              Next Pg