Role based security - where are permissions/operations ?

Discussion in 'ASP .Net Security' started by A Mackie, Oct 19, 2004.

  1. A Mackie

    A Mackie Guest

    I want to use role based security in ASP.NET, but can't see how assigning permissions/operations to a role is done. IsInRole can check a user is in a role - but how can I check a user has access to an operation that is assigned to a role ?

    Operations will be fixed at design time. However assigning operations to one or more roles must be completely configurable at run time, as is assigning users to multiple roles. Roles must also be user-definable at run-time. Similar to what Windows Authorization Manager provides, where users and roles are custom definable as is assignments to operations, which can then be checked at runtime with AccessCheck.

    Is similar functionality available in ASP.NET role based security, to allow granular operations assigned to user-definable roles, which can then be checked at run-time ?

    Thanks,
    Andy Mackie.
     
    A Mackie, Oct 19, 2004
    #1
    1. Advertising

  2. You really need to use AzMan if you want a very granular mechanism for
    assigning permissions to your individual operations. ASP.NET will work fine
    with AzMan if you are using Windows security, so that shouldn't be a
    problem.

    If you can't use AzMan but want similar functionality, then you may need to
    implement your own framework that does similar stuff.

    Joe K.

    "A Mackie" <> wrote in message
    news:...
    >I want to use role based security in ASP.NET, but can't see how assigning
    >permissions/operations to a role is done. IsInRole can check a user is in a
    >role - but how can I check a user has access to an operation that is
    >assigned to a role ?
    >
    > Operations will be fixed at design time. However assigning operations to
    > one or more roles must be completely configurable at run time, as is
    > assigning users to multiple roles. Roles must also be user-definable at
    > run-time. Similar to what Windows Authorization Manager provides, where
    > users and roles are custom definable as is assignments to operations,
    > which can then be checked at runtime with AccessCheck.
    >
    > Is similar functionality available in ASP.NET role based security, to
    > allow granular operations assigned to user-definable roles, which can then
    > be checked at run-time ?
    >
    > Thanks,
    > Andy Mackie.
     
    Joe Kaplan \(MVP - ADSI\), Oct 19, 2004
    #2
    1. Advertising

  3. A Mackie

    A Mackie Guest

    Joe Kaplan (MVP - ADSI) wrote:
    > You really need to use AzMan if you want a very granular mechanism for
    > assigning permissions to your individual operations. ASP.NET will work fine
    > with AzMan if you are using Windows security, so that shouldn't be a
    > problem.
    >
    > If you can't use AzMan but want similar functionality, then you may need to
    > implement your own framework that does similar stuff.


    AzMan has the functionality I need, but it's storage of data is a problem. Either XML file on disk - OK for development but not for production; or in Active Directory, which not all customers will have or want. If AzMan could store it's data in SQL Server, that would be ideal, but it doesn't seem to support this, so doesn't integrate well with database applications. The ASP.NET v2.0 role manager does integrate well with SQL Server, but lacks the functionality of AzMan.

    It looks like granular permission checking for true role based access control (RBAC), which also integrates well with SQL Server, will need custom coding, and isn't something that appears to be addressed in ASP.NET v2.0.

    Am I missing something here ? This would appear to be a very common need, so I find it hard to believe that .NET doesn't provide a solution for this, other than "code-it-yourself".

    Thanks,
    Andy Mackie.
     
    A Mackie, Oct 20, 2004
    #3
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Jesper Stocholm
    Replies:
    2
    Views:
    8,126
    John Saunders
    Aug 23, 2003
  2. Liet Kynes
    Replies:
    0
    Views:
    503
    Liet Kynes
    Nov 26, 2003
  3. Boris Condarco

    Custom Role Based Security

    Boris Condarco, Nov 28, 2003, in forum: ASP .Net
    Replies:
    2
    Views:
    854
    Tommy
    Nov 28, 2003
  4. Suneel Jhangiani

    Role based Security and Permissions

    Suneel Jhangiani, Jun 3, 2004, in forum: ASP .Net Security
    Replies:
    0
    Views:
    129
    Suneel Jhangiani
    Jun 3, 2004
  5. Kursat
    Replies:
    1
    Views:
    324
    Dominick Baier
    May 7, 2007
Loading...

Share This Page