Custom Security Object - How to??

Discussion in 'ASP .Net Security' started by seal, Jul 13, 2005.

  1. seal

    seal Guest

    Hi

    I work for a company that has user and user roles in the database and a
    very, very complicated long list of rules on how to let a person see the data
    from a page or control. My question is I want to re-write the security object
    and I am looking for suggestions as to what the best way to do this would be.

    Any suggestions?
    seal, Jul 13, 2005
    #1

  2. Hello seal,

    What do you mean by Security Object??


    ---------------------------------------
    Dominick Baier - DevelopMentor
    http://www.leastprivilege.com

    Dominick Baier [DevelopMentor], Jul 13, 2005
    #2

  3. seal

    seal Guest

    Hi Dominick

    Thanks for the response. By Security Object, I mean my own dll that will
    handle the decision that a particular client that is part of a particular
    group (defined by us, in this case let's say a data_entry user vs. an
    administrator user) can or cannot see data on a page. We need to restrict
    some users to only see their clients and others can see their clients as well
    as clients that they have what we call a partnership with. I was going down
    the path of creating my own custom object that would use the IPrincipal
    interface and each page in our database would have a particular role assigned
    to it, so that if a user does not match the role he would be re-directed to a
    page that politely tells him he cannot see this client's data. Make any sense?

    seal, Jul 14, 2005
    #3
  4. Hello seal,

    So if it all boils down to groups - IPrincipal is the perfect place - you
    may not even have to create your own implementation, just couple the user
    with your application roles in Application_AuthenticateRequest.

    I have a sample which may get you started:
    http://www.leastprivilege.com/PermaLink.aspx?guid=b0e51388-71d1-4a6f-98d0-bc8cfbec4c3a

    ---------------------------------------
    Dominick Baier - DevelopMentor
    http://www.leastprivilege.com

    Dominick Baier [DevelopMentor], Jul 14, 2005
    #4
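
Added example, not part of the thread and not the sample linked in post #4: one way to couple the authenticated user with application roles in Application_AuthenticateRequest and then check a per-page role. The in-memory role table, the `RoleProtectedPage` base class and `~/AccessDenied.aspx` are assumptions standing in for the poster's database and pages.

```csharp
// Global.asax.cs -- added illustration; the names below are hypothetical.
using System;
using System.Collections.Generic;
using System.Security.Principal;
using System.Web;

public class Global : HttpApplication
{
    // Constructed data standing in for the user/role tables in the database.
    static readonly Dictionary<string, string[]> RolesByUser =
        new Dictionary<string, string[]>(StringComparer.OrdinalIgnoreCase)
        {
            { "alice", new[] { "administrator" } },
            { "bob",   new[] { "data_entry" } }
        };

    static string[] GetRolesForUser(string userName)
    {
        string[] roles;
        // Unknown users get no roles, so every role check denies by default.
        return RolesByUser.TryGetValue(userName, out roles) ? roles : new string[0];
    }

    // Runs on every request, after the authentication module has set Context.User.
    protected void Application_AuthenticateRequest(object sender, EventArgs e)
    {
        if (!Request.IsAuthenticated) return;

        // Keep the authenticated identity; swap in a principal that carries
        // the application-defined roles.
        IIdentity identity = Context.User.Identity;
        Context.User = new GenericPrincipal(identity, GetRolesForUser(identity.Name));
    }
}

// Base class for pages: each page declares the single role it requires.
public abstract class RoleProtectedPage : System.Web.UI.Page
{
    protected abstract string RequiredRole { get; }

    protected override void OnInit(EventArgs e)
    {
        // IsInRole is answered by the GenericPrincipal attached above.
        if (!User.IsInRole(RequiredRole))
            Response.Redirect("~/AccessDenied.aspx", true); // hypothetical page
        base.OnInit(e);
    }
}
```

The role check only gates the page; the "own clients versus partnership clients" rule described in post #3 is a per-record decision and still has to be enforced in the query that loads the client data.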
  5. seal

    seal Guest

    Dominick

    Thank you for taking the time to respond, I feel better knowing that I was
    going down the right path. Thanks for the examples as well.



    seal, Jul 15, 2005
    #5