Is there an ACL abstraction layer available in .net? I have seen some "best practices" documents but no good base implementation. What about the System.Security.AccessControl? Is this a good starting point?
The ACLs should work with Roles stored in DB as well as Roles by the system and for in-memory-object definitions as well as db objects or files. So it should be generic and/or easy to extend.
Should this rely on IPrincipal, IIdentity from the .net framework?
Zend has something similar in their Framework for PHP and I am searching this kind of stuff for C# instead of porting that (if there is already a standard solution or best practice implementation).
@ladislav:
It is not intended to be used only in web services, fat clients or standalone apps. Because of this I am searching for an abstraction layer that can be extended by adapters for a specific backend/platform. You're right that I am searching for something like a role-based access management abstraction layer for different kinds of objects and right definitions. This should not rely on the ACLs you set for folders in filesystems. A filesystem should be a special adapter used by the ACL implementation. For me, ACL itself is a concept and has nothing to do with filesystems. Filesystems USE an implementation of the concept of ACL (even if it's mostly known in this field). The hard dependency on the Win32-api is not wanted. This is why I am asking for something generic and abstract (interface) that is commonly (and widely) used. Do you know the implementation in the zend framework (I know it is PHP but the concept works for any app, not only web based)? It is abstracted and could be used for any object in the code.
Normally ACLs reside in a firewall router or in a router connecting two internal networks. You can set up ACLs to control traffic at Layer 2, Layer 3, or Layer 4. MAC ACLs operate on Layer 2. IP ACLs operate on Layers 3 and 4.
An access control list (ACL) is a list of rules that specifies which users or systems are granted or denied access to a particular object or system resource. Access control lists are also installed in routers or switches, where they act as filters, managing which traffic can access the network.
An example abstraction is the library nAcl - .NET Access Control List
... "helps you handle scenarios for a matrix of rights easily. It can also be easily extended through a Provider" ...
Features:
... but I haven't seen the usage of IPrincipal within the Interface.
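The shape the question asks for (a backend-agnostic ACL with adapters, resolving roles through `IPrincipal`) can be sketched as follows. This is an added example, not part of any post above and not nAcl's API; every type name in it is hypothetical, and it assumes roles are exposed through `IPrincipal.IsInRole` and that an explicit deny should override any allow.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Security.Principal;

// All type names below are hypothetical; they are not nAcl's or the framework's API.
public enum AclEffect { Allow, Deny }
public sealed record AclEntry(string Role, string Resource, string Right, AclEffect Effect);

// Adapter seam: a database, file system or in-memory backend implements this.
public interface IAclProvider { IEnumerable<AclEntry> GetEntries(string resource, string right); }

public sealed class InMemoryAclProvider : IAclProvider
{
    private readonly List<AclEntry> _entries = new();
    public InMemoryAclProvider Add(AclEntry e) { _entries.Add(e); return this; }
    public IEnumerable<AclEntry> GetEntries(string resource, string right) =>
        _entries.Where(e => e.Resource == resource && e.Right == right);
}

public sealed class AccessControl
{
    private readonly IAclProvider _provider;
    public AccessControl(IAclProvider provider) => _provider = provider;
    // Deny by default: no matching entry, or an unauthenticated caller, means no access.
    // An explicit Deny for any of the caller's roles overrides every Allow.
    public bool IsAllowed(IPrincipal user, string resource, string right)
    {
        if (user?.Identity is null || !user.Identity.IsAuthenticated) return false;
        var matching = _provider.GetEntries(resource, right)
                                .Where(e => user.IsInRole(e.Role)).ToList();
        return matching.Count > 0 && matching.All(e => e.Effect == AclEffect.Allow);
    }
}

public static class Demo
{
    public static void Main()
    {
        // Constructed sample data: roles, resource id and right are made up for the demo.
        var acl = new AccessControl(new InMemoryAclProvider()
            .Add(new AclEntry("editor", "article:42", "write", AclEffect.Allow))
            .Add(new AclEntry("suspended", "article:42", "write", AclEffect.Deny)));
        var alice = new GenericPrincipal(new GenericIdentity("alice"), new[] { "editor" });
        var bob = new GenericPrincipal(new GenericIdentity("bob"), new[] { "editor", "suspended" });
        Console.WriteLine(acl.IsAllowed(alice, "article:42", "write"));
        Console.WriteLine(acl.IsAllowed(bob, "article:42", "write"));
    }
}
```

Because the check only calls `IsInRole`, the same `AccessControl` works with a `WindowsPrincipal`, a `ClaimsPrincipal` or a custom principal backed by database roles; only the `IAclProvider` implementation changes per backend.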