Roles vs. Capability concept for the Role Managers in .NET?

Discussion in 'ASP .Net Security' started by Vince Varallo, May 31, 2007.

  1. Hello

    I'm looking at using the Role Manager features in .NET 2.0 and am a little
    confused. The concept of a role that I'm used to is that a role is composed
    of capabilities. For example, the System Administrator role has access to
    the "Create User" capability and the "Create Role" capability. I can then
    put more than one user in the System Administrator role.

    From what I'm reading about the roles defined in .NET is that a role is
    really a capability and user's are granted access to that role, so you don't
    really create a "role" with capabilities and then put users in that role. It
    seems like you have to associate roles with each user and you really don't
    have the concept of the capabilities being grouped in a role.

    I'm I missing something here?

    Thanks in advance,

    Vince
     
    Vince Varallo, May 31, 2007
    #1
    1. Advertising

  2. thats right.

    If you want something more sophisticated - have a look at Microsoft Authorization
    Manager.


    -----
    Dominick Baier (http://www.leastprivilege.com)

    Developing More Secure Microsoft ASP.NET 2.0 Applications (http://www.microsoft.com/mspress/books/9989.asp)

    > Hello
    >
    > I'm looking at using the Role Manager features in .NET 2.0 and am a
    > little confused. The concept of a role that I'm used to is that a
    > role is composed of capabilities. For example, the System
    > Administrator role has access to the "Create User" capability and the
    > "Create Role" capability. I can then put more than one user in the
    > System Administrator role.
    >
    > From what I'm reading about the roles defined in .NET is that a role
    > is really a capability and user's are granted access to that role, so
    > you don't really create a "role" with capabilities and then put users
    > in that role. It seems like you have to associate roles with each
    > user and you really don't have the concept of the capabilities being
    > grouped in a role.
    >
    > I'm I missing something here?
    >
    > Thanks in advance,
    >
    > Vince
    >
     
    Dominick Baier, May 31, 2007
    #2
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Jesper Stocholm
    Replies:
    2
    Views:
    8,127
    John Saunders
    Aug 23, 2003
  2. Liet Kynes
    Replies:
    0
    Views:
    504
    Liet Kynes
    Nov 26, 2003
  3. David
    Replies:
    5
    Views:
    492
    David
    Nov 11, 2004
  4. J
    Replies:
    0
    Views:
    1,003
  5. Kursat
    Replies:
    1
    Views:
    326
    Dominick Baier
    May 7, 2007
Loading...

Share This Page