Custom Security Question / Guidance

I am in need of adding security to my application and was wondering what could help. I am already familiar with the Identity, Principal, and PrincipalPermission objects. Outlined below is what I am looking to try and implement.

I need to have Roles and Rights that I assign to a user (in a custom security application db).

Example:

    User    Role        Rights
    Bob     DataItem    View, Read, Write, Create (Full Control)
    John    DataItem    View

In our code we would do something like this:

    if (User.IsInRole("DataItem"))
    {
        // do something...
    }

However what I need to be able to do is also something like the following:

    if (User.IsInRole("DataItem") && User.HasPermission("Write"))
    {
        // Show the save button
    }
    else
    {
        // Don't show save button..
    }

This is just a very small example... We are in the process of building a large application with several thousand users and we have multiple levels and types of security needed. To help keep the number of roles down to a minimum we want to couple it with Rights (or permissions) similar to how most network security works.

We could probably just extend the Principal object to handle this but I want to fish for other options as well if anybody has run into any. Since there are tons of objects in the framework there may already be something I can inherit from or use that does this. I just have not been able to find it.

Any help, comments, ideas would be appreciated. It can be in either 1.1 or 2.0 doesn't matter...

Have you taken a look at AzMan (Authorization Manager)? It's meant for precisely this sort of fine-grained control over user permissions. For an introduction to AzMan, see http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/management/athmanwp.mspx. For some basic details on how to use it, you might want to take a look at http://msdn.microsoft.com/library/en-us/dnpag2/html/PAGHT000019.asp -- even though it's got a bit of content that's specific to ASP.NET 2.0, most of the document is actually applicable to any use of AzMan.

"JCauble" <JCau***@discussions.microsoft.com> wrote in message news:2554A1CC-EAF2-4606-ABC8-943A113D9127@microsoft.com...
> I am in need of adding security to my application and was wondering what
> could help. I am already familiar with the Identity, Principal, and
> PrincipalPermission objects. Outlined below is what I am looking to try
> and implement.
>
> I need to have Roles and Rights that I assign to a user (in a custom
> security application db).
>
> Example:
>
>     User    Role        Rights
>     Bob     DataItem    View, Read, Write, Create (Full Control)
>     John    DataItem    View
>
> In our code we would do something like this:
>
>     if (User.IsInRole("DataItem"))
>     {
>         // do something...
>     }
>
> However what I need to be able to do is also something like the following:
>
>     if (User.IsInRole("DataItem") && User.HasPermission("Write"))
>     {
>         // Show the save button
>     }
>     else
>     {
>         // Don't show save button..
>     }
>
> This is just a very small example... We are in the process of building a
> large application with several thousand users and we have multiple levels
> and types of security needed. To help keep the number of roles down to a
> minimum we want to couple it with Rights (or permissions) similar to how
> most network security works.
>
> We could probably just extend the Principal object to handle this but I
> want to fish for other options as well if anybody has run into any. Since
> there are tons of objects in the framework there may already be something
> I can inherit from or use that does this. I just have not been able to
> find it.
>
> Any help, comments, ideas would be appreciated. It can be in either 1.1
> or 2.0 doesn't matter...
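
A sketch of the "extend the Principal object" option raised in the question, added here as an illustration; it is not code from either poster and does not use AzMan. The names RightsPrincipal, Grant, HasPermission and Demand are hypothetical, HashSet assumes .NET 3.5 or later, and rights are checked per role so that a right held through one role cannot satisfy a check against another.

```csharp
using System;
using System.Collections.Generic;
using System.Security;
using System.Security.Principal;

// Hypothetical class (not a framework type): a principal carrying rights per
// role, as they would be loaded from the custom security database.
public sealed class RightsPrincipal : IPrincipal
{
    private readonly IIdentity identity;
    // role name -> rights granted within that role (case-insensitive)
    private readonly Dictionary<string, HashSet<string>> grants =
        new Dictionary<string, HashSet<string>>(StringComparer.OrdinalIgnoreCase);

    public RightsPrincipal(IIdentity identity) { this.identity = identity; }
    public IIdentity Identity { get { return identity; } }

    public void Grant(string role, params string[] rights)
    {
        HashSet<string> set;
        if (!grants.TryGetValue(role, out set))
            grants[role] = set = new HashSet<string>(StringComparer.OrdinalIgnoreCase);
        set.UnionWith(rights);
    }

    public bool IsInRole(string role) { return role != null && grants.ContainsKey(role); }

    // Deny by default: an unknown role or an unknown right returns false.
    public bool HasPermission(string role, string right)
    {
        HashSet<string> set;
        return role != null && right != null
            && grants.TryGetValue(role, out set) && set.Contains(right);
    }

    // Enforcement point for the save operation itself; hiding the button only
    // changes what the user sees and is not an access control.
    public void Demand(string role, string right)
    {
        if (!HasPermission(role, right))
            throw new SecurityException(identity.Name + " lacks " + role + "/" + right);
    }
}

public static class Demo
{
    public static void Main()
    {
        // Constructed sample data matching John's row in the question's table.
        var john = new RightsPrincipal(new GenericIdentity("John"));
        john.Grant("DataItem", "View");
        Console.WriteLine(john.HasPermission("DataItem", "Write"));
        try { john.Demand("DataItem", "Write"); }
        catch (SecurityException e) { Console.WriteLine("denied: " + e.Message); }
    }
}
```

The same HasPermission call can drive the UI decision, while Demand belongs in the code path that performs the write.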