Home | Contact Us | FAQ | Search & Site Map | Link to Us
Sign In | Join | Other 45 Sites in Network
HomeAnnouncementsFree MagazinesWhite PapersSubmit Content
Discussion GroupsASP.NETWindows FormsLanguages.NET FrameworkVisual Studio.NET
Articles.NET FrameworkASP.NETToolsWindows Forms
.NET DirectoryOpen Source ProjectsUser GroupsWeb Resources
Related Topics
Visual Basic 6SQL ServerMS AccessOther DB ProductsMS Server ProductsMore Topics ...
.NET Forum / .NET Framework / Security / August 2007

Tip: Looking for answers? Try searching our database.

Role based security

Thread view: 
Enable EMail Alerts  Start New Thread
Thread rating: 
Erick - 27 Aug 2007 01:24 GMT
Can some one help me.
I'm trying to build framework in .net which uses role based security.

I want to be able to defined the roles in the web config e.g
Manager, PowerUser, Guest, AnonUser

I want to be able to map NT application groups to those roles in the
web config so that in my code I can say

If Iam.Inrole("Manager")  then
rather than
If Iam.Inrole("DomainName\AG_ManagersForthisApplicaiton")

the first is much simpler to use and more intuitive.  I'd like to be
able to allocate the NT domain groups in the web config against the
role so that they can be changed without a recompile.

I'd also like to use this method so that if anonymous users conect
through a fire wall I can assign them a least priveldge NT identity
which I can then give the AnonUser role to.

In this way I can authorize the same way throughout the entire
application
e.g.

If Iam.Inrole("manager") then
dosomehting()
elseif Iam.Inrole("AnonUser") then
dosomethingelse()

Can any one tell me where I can find some information on how to do
this.  It's seems very simple but can't find any examples of it being
used anywhere

Erick
Reply to this Message
Dominick Baier - 27 Aug 2007 06:30 GMT
You can create local Windows Groups, e.g. Manager and map the domain application
groups to that local group. This way you wouldn't have to specifiy the domain
in IsInRole - if the group is local you can omit the MACHINE\ part in the
name.

-----
Dominick Baier (http://www.leastprivilege.com)

Developing More Secure Microsoft ASP.NET 2.0 Applications (http://www.microsoft.com/mspress/books/9989.asp)

> Can some one help me.
> I'm trying to build framework in .net which uses role based security.
[quoted text clipped - 27 lines]
>
> Erick
Reply to this Message
Joe Kaplan - 27 Aug 2007 16:13 GMT
You can also write your own "mapper" that would generate an IPrincipal
object based on the current authenticated user's WindowsPrincipal and map
that user's groups to app-specific roles.  Writing something like that would
not be too hard.  A framework like AzMan already does something like that
for you, although it is more sophisticated.  It is probably the right thing
to look at here though.

Joe K.

Signature

Joe Kaplan-MS MVP Directory Services Programming
Co-author of "The .NET Developer's Guide to Directory Services Programming"
http://www.directoryprogramming.net
--

> You can create local Windows Groups, e.g. Manager and map the domain
> application groups to that local group. This way you wouldn't have to
[quoted text clipped - 38 lines]
>>
>> Erick
Reply to this Message

Free Magazines

Get these publications absolutely FREE for up to 12 months. There are no hidden fees and no obligation. Simply choose a title, complete the application form and submit it. Read more ...

Oracle MagazineNetwork ComputingComputer WorldBio-IT WorldeWeekInformation WeekInfosecurity
 
Sign In
Join
My Latest Posts
My Monitored Threads
My Blog
My Photo Gallery
My Profile
My Homepage
Start New Thread
Enable EMail Alerts
Rate this Thread



©2008 Advenet LLC   Privacy Policy - Terms of Use
This website includes both content owned or controlled by Advenet as well as content owned or controlled by third parties.