I am designing a new Windows Forms client application (with SQL Server db on
the back end) for which users will authenticate via NT authentication
(network), or SQL Server authentication. Users who are granted access to the
application must also be granted access to specific forms and controls on
forms. The menu must show/hide items based on the user's access level. Also,
some controls should allow editing by some users but not others (based on
their security level).
My first thought is to have a static class that gets populated when the user
is authenticated. This static class would contain "user profile data", one
piece of which is some "security access level" value. Then the menu and all
forms (in their form_load event procedure) look to that static class to
determine what controls to enable/disable/hide.
What do you think about that? Is there some [other] standard/better way to
accomplish the security objectives?
Thanks!
the back end) for which users will authenticate via NT authentication
(network), or SQL Server authentication. Users who are granted access to the
application must also be granted access to specific forms and controls on
forms. The menu must show/hide items based on the user's access level. Also,
some controls should allow editing by some users but not others (based on
their security level).
My first thought is to have a static class that gets populated when the user
is authenticated. This static class would contain "user profile data", one
piece of which is some "security access level" value. Then the menu and all
forms (in their form_load event procedure) look to that static class to
determine what controls to enable/disable/hide.
What do you think about that? Is there some [other] standard/better way to
accomplish the security objectives?
Thanks!
Comment