Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

How to create an admin account

1 view
Skip to first unread message

Dan Holmes

unread,
Oct 11, 2006, 9:52:51 AM10/11/06
to
I admit this not being C# specific but i don't know where else to start.

My application needs an "administrator" user id. This would function
just like the "administrator" user id in windows. The account is
built-in. The only thing that is configurable about the account is the
password.

What i don't know how to do is create an account like that. Is the user
id and pwd treated like all the other accounts? Stored in the DB? How
is special treatment given to that account? Should the user id be
hardcoded into the system?

Any documents or whatever that suggest a good way to approach this would
be greatly appreciated.

dan

Chris Fulstow

unread,
Oct 11, 2006, 10:04:04 AM10/11/06
to
You need to create a user that is a member of the built-in system
"Administrators" group.

Tom Spink

unread,
Oct 11, 2006, 10:36:31 AM10/11/06
to
Dan Holmes wrote:

Hi Dan,

There are various approaches to what you are trying to accomplish, but
without anymore information about the security mechanisms you already
implement it's hard to suggest anything concrete.

From your post, I'm inferring that you already have some sort of
authentication system in place, for an application?

If this is the case, then can you provide any more information about what
you're doing, how you're doing it? If it's not, then are you looking for
an entire security implementation?

--
Hope this helps,
Tom Spink

Google first, ask later.

Dan Holmes

unread,
Oct 12, 2006, 8:28:21 AM10/12/06
to
Tom Spink wrote:
>
> Hi Dan,
>
...

>
> From your post, I'm inferring that you already have some sort of
> authentication system in place, for an application?
>
> If this is the case, then can you provide any more information about what
> you're doing, how you're doing it? If it's not, then are you looking for
> an entire security implementation?
>
Yes, i have a security solution but i don't like the way that the admins
are handled. Right now any user with all rights is an admin. That
requires a manual SQL insert when the application is installed.

I currently have a table that holds user information and another table
that contains the things that the user is authorized to do. I can
provide more if you need it but didn't want to add too much.

What i am trying to do is not store a user in the DB named "admin" but i
also don't want code that looks like:

if (userID == "Admin") { /*do admin stuff*/ }

There must be a solution between those two extremes.

dan

Tom Spink

unread,
Oct 12, 2006, 11:10:39 AM10/12/06
to
Dan Holmes wrote:

Hi Dan,

Thanks for the extra information. At the simplest level, all I suggest is
adding a field to your users table, to specify whether or not that user has
admin rights, then when a privileged operation needs to happen, check the
value of that field. I assume you store somewhere the ID of the user
currently logged on; if you extend that to include the admin flag, then
whenever you need a privileged operation, you can check against that.

0 new messages