dotnet windows forms: Security Model -- dotnet windows forms

Security Model

Jeff
1/28/2006 2:04:23 PM

dotnet windows forms:

I am designing a new Windows Forms client application (with SQL Server db on
the back end) for which users will authenticate via NT authentication
(network), or SQL Server authentication. Users who are granted access to the
application must also be granted access to specific forms and controls on
forms. The menu must show/hide items based on the user's access level. Also,
some controls should allow editing by some users but not others (based on
their security level).

My first thought is to have a static class that gets populated when the user
is authenticated. This static class would contain "user profile data", one
piece of which is some "security access level" value. Then the menu and all
forms (in their form_load event procedure) look to that static class to
determine what controls to enable/disable/hide.

What do you think about that? Is there some [other] standard/better way to
accomplish the security objectives?

Thanks!

Re: Security Model

Nick Hounsome
1/29/2006 12:00:00 AM

[quoted text, click to view]

1) Create boolean properties in the class (eg Level3Enabled, Level1Visible
or possibly just Level3Authorized) ensuring that if you have Level3Enabled
then also Level2Enabled etc.
2) Bind the Visible,Enabled and/or Editable properties of the controls/forms
to these properties

Probably better to set the secuity object as a property of the form - it's
more flexible.