Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

  • Congratulations strongm on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Security Model Question 1

Status
Not open for further replies.

3587ch

Technical User
Jun 19, 2009
30
US
When setting up an asp.net application using SQL Server 2005 as the database, I can create roles in the database and assign users to the roles and then in the app limit their access to pages or objects. I have scene system where once a user is assigned to a role there is a page with many many checkboxes to allow the organization to say what that user can or cannot do. I have also scene where the role itseld determines the access for the user.

My question is how do they code the way that let's the organization make many selections for the specific user and the role they are assigned?

Thank you,
 
there are a variety of ways to code this. It's not a simple problem to solve though. some things to consider:

if you are assigning users to roles, then there is no need for user specific actions, only role specific actions. coding to a user and a role is needlessly complex.

a role can perform any number of actions within the system. an action can have one of the following states:
action explicitly allowed
action explicitly denied
action implicitly denied

actions can be standard CRUD (create, read, update delete) operations on an entity. They can also be process driven. ShipOrder, CancelPayment, OverrideDiscount. These are behavior actions and usually require multiple entities to complete the workflow.

I have only seen one implementation of this: Rhino.Security which is part of the Rhino.Stack originally created by Oren (aka Ayende Rahien). Of all the tools in the Rhino stack this is the one I still do not fully grasp in implementation. others have sworn by it and praise it's flexibility and "ease" of use.

If this is a large scale (complexity) system it would be worth the investment (time) to research this. if this is a smaller scale app (simplicity) I would just use the built-in asp.net security model which can be configured in the web.config.

Jason Meckley
Programmer
Specialty Bakers, Inc.

faq855-7190
 
Great information,

Thank you so much,
 
Status
Not open for further replies.

Part and Inventory Search

Sponsor

Back
Top