Asp Forum - Role Based Security - microsoft.public.dotnet.framework

Martin Eckart

10/28/2008 4:35:00 PM

Hi NG,

I am about to start development of the Security part of a big application.
The requirements are that users must be assigned to roles and the roles then
can be configured to access features.

The features are a set of methods in C# which will be defined once before
rollout. The assignment which roles can access those features are
configurable in an xml file.

I would like to use Role Based Security functionality from the .NET
Framework but have not found anything yet about how to make the following
call depending on an external file/service:
[PrincipalPermissionAttribute(SecurityAction.Demand, Name = "MyUser", Role =
"User")]
I can get the current user form my database, but I don't know how to put a
placeholder here for the Role and replace it then with the value from the
configuration file.

Any hints?

Thanks,
Martin

4 Answers

sloan

10/28/2008 4:49:00 PM

Your code is declarative.

http://msdn.microsoft.com/en-us/library/aa3...

Search for "programmatically" at the above URL.

"Martin Eckart" <moartl17atyahoo.de> wrote in message
news:%23VHhwsROJHA.2404@TK2MSFTNGP05.phx.gbl...
> Hi NG,
>
> I am about to start development of the Security part of a big application.
> The requirements are that users must be assigned to roles and the roles
> then can be configured to access features.
>
> The features are a set of methods in C# which will be defined once before
> rollout. The assignment which roles can access those features are
> configurable in an xml file.
>
> I would like to use Role Based Security functionality from the .NET
> Framework but have not found anything yet about how to make the following
> call depending on an external file/service:
> [PrincipalPermissionAttribute(SecurityAction.Demand, Name = "MyUser", Role
> = "User")]
> I can get the current user form my database, but I don't know how to put a
> placeholder here for the Role and replace it then with the value from the
> configuration file.
>
> Any hints?
>
> Thanks,
> Martin
>

sloan

10/28/2008 4:57:00 PM

Personally...I created my own IPrincipal interface (and concrete
implementation).
I decided to go to a RIGHTS based model.

The below interface has met my needs, 100% of the time.

I feel the "Roles" based system kinda is lacking a tad. Most people can
make it work.
One guy (at a user group meeting) told me he uses "rights" anywhere the word
"role" appears.
(Aka, an artficial swap out).

public interface IRolesAndRightsPrincipal :
System.Security.Principal.IPrincipal
{

bool IsInRole(System.Guid role);

bool IsInAnyRole(System.Guid[] roles);

bool IsInAllRoles(System.Guid[] roles);

bool HasRight(System.Guid right);

bool HasAnyRight(System.Guid[] rights);

bool HasAllRights(System.Guid[] rights);

ISecurityRoleCollection AllRoles //and ISecurityRole is just a Guid
and a Name simple object in my world
{
get;
}

ISecurityRightCollection AllRights//and ISecurityRight is just a
Guid and a Name simple object in my world
{
get;
}

}

"Martin Eckart" <moartl17atyahoo.de> wrote in message
news:%23VHhwsROJHA.2404@TK2MSFTNGP05.phx.gbl...
> Hi NG,
>
> I am about to start development of the Security part of a big application.
> The requirements are that users must be assigned to roles and the roles
> then can be configured to access features.
>
> The features are a set of methods in C# which will be defined once before
> rollout. The assignment which roles can access those features are
> configurable in an xml file.
>
> I would like to use Role Based Security functionality from the .NET
> Framework but have not found anything yet about how to make the following
> call depending on an external file/service:
> [PrincipalPermissionAttribute(SecurityAction.Demand, Name = "MyUser", Role
> = "User")]
> I can get the current user form my database, but I don't know how to put a
> placeholder here for the Role and replace it then with the value from the
> configuration file.
>
> Any hints?
>
> Thanks,
> Martin
>

Martin Eckart

10/29/2008 7:36:00 PM

Thanks sloan, great hints.

One more question: I assume you then use the Demand() method of the
PrincipalPermission class. Are you implementing your own Demand() method?
How would you do that, sonce Princ.Permission is sealed?

"sloan" <sloan@ipass.net> wrote in message
news:%23w0YI4ROJHA.2100@TK2MSFTNGP05.phx.gbl...
>
> Personally...I created my own IPrincipal interface (and concrete
> implementation).
> I decided to go to a RIGHTS based model.
>
> The below interface has met my needs, 100% of the time.
>
>
> I feel the "Roles" based system kinda is lacking a tad. Most people can
> make it work.
> One guy (at a user group meeting) told me he uses "rights" anywhere the
> word "role" appears.
> (Aka, an artficial swap out).
>
>
>
>
> public interface IRolesAndRightsPrincipal :
> System.Security.Principal.IPrincipal
> {
>
> bool IsInRole(System.Guid role);
>
> bool IsInAnyRole(System.Guid[] roles);
>
> bool IsInAllRoles(System.Guid[] roles);
>
> bool HasRight(System.Guid right);
>
> bool HasAnyRight(System.Guid[] rights);
>
> bool HasAllRights(System.Guid[] rights);
>
>
> ISecurityRoleCollection AllRoles //and ISecurityRole is just a Guid
> and a Name simple object in my world
> {
> get;
> }
>
> ISecurityRightCollection AllRights//and ISecurityRight is just a
> Guid and a Name simple object in my world
> {
> get;
> }
>
>
> }
>
>
>
>
>
> "Martin Eckart" <moartl17atyahoo.de> wrote in message
> news:%23VHhwsROJHA.2404@TK2MSFTNGP05.phx.gbl...
>> Hi NG,
>>
>> I am about to start development of the Security part of a big
>> application. The requirements are that users must be assigned to roles
>> and the roles then can be configured to access features.
>>
>> The features are a set of methods in C# which will be defined once before
>> rollout. The assignment which roles can access those features are
>> configurable in an xml file.
>>
>> I would like to use Role Based Security functionality from the .NET
>> Framework but have not found anything yet about how to make the following
>> call depending on an external file/service:
>> [PrincipalPermissionAttribute(SecurityAction.Demand, Name = "MyUser",
>> Role = "User")]
>> I can get the current user form my database, but I don't know how to put
>> a placeholder here for the Role and replace it then with the value from
>> the configuration file.
>>
>> Any hints?
>>
>> Thanks,
>> Martin
>>
>
>

sloan

10/31/2008 3:27:00 PM

No, I don't implement/use the Demand() method.

"Martin Eckart" <moartl17atyahoo.de> wrote in message
news:ukd1S2fOJHA.4776@TK2MSFTNGP05.phx.gbl...
> Thanks sloan, great hints.
>
> One more question: I assume you then use the Demand() method of the
> PrincipalPermission class. Are you implementing your own Demand() method?
> How would you do that, sonce Princ.Permission is sealed?
>
> "sloan" <sloan@ipass.net> wrote in message
> news:%23w0YI4ROJHA.2100@TK2MSFTNGP05.phx.gbl...
>>
>> Personally...I created my own IPrincipal interface (and concrete
>> implementation).
>> I decided to go to a RIGHTS based model.
>>
>> The below interface has met my needs, 100% of the time.
>>
>>
>> I feel the "Roles" based system kinda is lacking a tad. Most people can
>> make it work.
>> One guy (at a user group meeting) told me he uses "rights" anywhere the
>> word "role" appears.
>> (Aka, an artficial swap out).
>>
>>
>>
>>
>> public interface IRolesAndRightsPrincipal :
>> System.Security.Principal.IPrincipal
>> {
>>
>> bool IsInRole(System.Guid role);
>>
>> bool IsInAnyRole(System.Guid[] roles);
>>
>> bool IsInAllRoles(System.Guid[] roles);
>>
>> bool HasRight(System.Guid right);
>>
>> bool HasAnyRight(System.Guid[] rights);
>>
>> bool HasAllRights(System.Guid[] rights);
>>
>>
>> ISecurityRoleCollection AllRoles //and ISecurityRole is just a
>> Guid and a Name simple object in my world
>> {
>> get;
>> }
>>
>> ISecurityRightCollection AllRights//and ISecurityRight is just a
>> Guid and a Name simple object in my world
>> {
>> get;
>> }
>>
>>
>> }
>>
>>
>>
>>
>>
>> "Martin Eckart" <moartl17atyahoo.de> wrote in message
>> news:%23VHhwsROJHA.2404@TK2MSFTNGP05.phx.gbl...
>>> Hi NG,
>>>
>>> I am about to start development of the Security part of a big
>>> application. The requirements are that users must be assigned to roles
>>> and the roles then can be configured to access features.
>>>
>>> The features are a set of methods in C# which will be defined once
>>> before rollout. The assignment which roles can access those features are
>>> configurable in an xml file.
>>>
>>> I would like to use Role Based Security functionality from the .NET
>>> Framework but have not found anything yet about how to make the
>>> following call depending on an external file/service:
>>> [PrincipalPermissionAttribute(SecurityAction.Demand, Name = "MyUser",
>>> Role = "User")]
>>> I can get the current user form my database, but I don't know how to put
>>> a placeholder here for the Role and replace it then with the value from
>>> the configuration file.
>>>
>>> Any hints?
>>>
>>> Thanks,
>>> Martin
>>>
>>
>>
>
>

microsoft.public.dotnet.framework

Role Based Security

Martin Eckart

sloan

sloan

Martin Eckart

sloan

x Login to ForumsZone