Hello,

I'm building a web application which has Users and these Users have permission to access certain bits of the web app.

After a user logs on, according to it's permissions which will be read from permissions table, he will see the bits of the app that he can access.

But to prevent hacking and so on, I need to check if the user has access to that page whenever a page is called on the web server.

If someone goes to for example "a.aspx", I will check from the permissions table if that person has access or not.

But this means there will be a query to PErmissions table each time a page is called.

Will it cause a problem regarding the web app? Will it give errors if more than one query is made at the same time to permissions table?

What is the best way of achieving this goal?

Thank you.

If you have a bunch of processes or threads reading from a table without modifying the table, in a way that affects the others' results, you won't have any problems.

Thank you for your fast and clear reply!

I got one more question regarding the issue;
What happens If both users try to change the datas of different rows in the same table at the same time?
Or, what happens if two people try to add new data to the same table at the same time?

Thank you!

If you have a bunch of processes or threads reading from a table without modifying the table, in a way that affects the others' results, you won't have any problems.

Your database API should have support for transactions; if you put your set of database actions in a transaction, it will see a consistent view of the database -- it will never put the database in some unpredictable state. You should want your transactions to be as short in time duration as possible.

Well I'm using .NET and C# and working with an MsSQL 2008 database. Is it OK?

And can you explain where can I make use of DataSet thing of ASP.NET? I don't really understand it.

Thank you!

Your database API should have support for transactions; if you put your set of database actions in a transaction, it will see a consistent view of the database -- it will never put the database in some unpredictable state. You should want your transactions to be as short in time duration as possible.

You might want to head over to the ASP.NET forum for your questions about ASP.NET

This question has already been answered. Start a new discussion instead.