Wrox Programmer Forums

BOOK: ASP.NET 3.5 Enterprise Application Development with Visual Studio 2008: Problem Design Solutio
This is the forum to discuss the Wrox book ASP.NET 3.5 Enterprise Application Development with Visual Studio 2008: Problem Design Solution by Vincent Varallo; ISBN: 9780470396865
  #1 (permalink)  
May 25th, 2009, 04:20 PM
NoAccessToPage exception

Hi,

While testing I observed that an administrator, say one who has edit access to the roles role, can empty the users in role listbox and/or give themselves Read Only access; thereafter the only way out is to either log in under a different user or go to the database and reinstate the administrator.

I agree no one should be foolish enough to do the above but it is possible. How can the code cater for that?

regards
  #2 (permalink)  
May 26th, 2009, 05:23 PM

With great power comes great responsibility.

I wouldn't even have thought to try that out, but wow, that is a potentially dangerous behavior.
As an Administrator on a system you can't gimp them to where they cannot completely modify whatever. However, I would agree that an administrator account should not be able to be set to read-only. When I get around to it, I will look at making a change to only allow for admin accounts to be deletable from other admin accounts. Another thought would be to make a rule where there has to be at least 1 admin account present, i.e. if an account is marked as admin and is the only one, it cannot be deleted.

The last part can be done via a SQL query where you use the COUNT function to check for the number of admin accounts; if > 1 then deletion is allowed, else no. This can be easily implemented in the Validate Delete method, to prevent deletion of the only admin account.

Let me know if you need more help.
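
Added example (not part of the original posts and not the book's code): a sketch of the "at least one admin must remain" rule from the reply above, extended to cover demotion to read-only as well as deletion, since the first post's lockout came from an admin lowering their own access. The `Account` class, the `LastAdminGuard` name, and the table and column names in the SQL comment are hypothetical; an in-memory list stands in for the database so the logic runs on its own.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;

// Hypothetical stand-in for the user/role tables; not the book's classes.
public class Account
{
    public int Id;
    public string Name;
    public bool IsAdmin;   // true = holds Edit access to administration
}

public static class LastAdminGuard
{
    // SQL equivalent of this count (table and column names are assumptions):
    //   SELECT COUNT(*) FROM Account WHERE IsAdmin = 1 AND Id <> @targetId
    static int OtherAdmins(IEnumerable<Account> accounts, int targetId)
    {
        return accounts.Count(a => a.IsAdmin && a.Id != targetId);
    }

    // Call before a delete (staysAdmin = false) and before any save that
    // changes access. Returns null when allowed, else a validation message.
    public static string Validate(IList<Account> accounts, int targetId, bool staysAdmin)
    {
        Account target = accounts.FirstOrDefault(a => a.Id == targetId);
        if (target == null) return "Account not found.";
        if (!target.IsAdmin || staysAdmin) return null;   // no admin is being lost
        if (OtherAdmins(accounts, targetId) == 0)
            return "At least one administrator account must remain.";
        return null;
    }
}

public static class Program
{
    public static void Main()
    {
        // Constructed sample data.
        var accounts = new List<Account> {
            new Account { Id = 1, Name = "admin", IsAdmin = true },
            new Account { Id = 2, Name = "operator", IsAdmin = false }
        };
        // Only admin tries to demote or delete itself.
        Console.WriteLine(LastAdminGuard.Validate(accounts, 1, false) ?? "allowed");
        // Non-admin account is deleted.
        Console.WriteLine(LastAdminGuard.Validate(accounts, 2, false) ?? "allowed");
        // A second admin exists, so the first may now be demoted.
        accounts.Add(new Account { Id = 3, Name = "admin2", IsAdmin = true });
        Console.WriteLine(LastAdminGuard.Validate(accounts, 1, false) ?? "allowed");
    }
}
```

Against a real database, run the count and the delete or update inside one transaction so that two concurrent demotions cannot both pass the check.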
  #3 (permalink)  
June 1st, 2009, 12:49 PM

Hi,

Thanks for your reply. Rumour has it, one day an admin who was off sick passed his credentials over the phone to a less senior employee to solve an urgent problem. Thereafter, everyone including plant operators knew the admin username and password.

Yes, in my trade (engineering) the admin credentials become common knowledge. It should not happen but it does.

The problem happens because the user who wiped his/her rights out should not be in the page they are in, so when they save they get the exception.

My thoughts on it so far: rather than throwing an exception, just redirect to the home page, and an admin should re-create the admin account from the database. Or create an admin account that can't be altered and always has "Edit" capability only; and that means another access type that does not include "none".

regards

Last edited by luckystar; June 1st, 2009 at 12:53 PM.
 

