
ASP.NET Security Roles AND Permissions

I'm comfortable with the ASP.NET security model whereby one can allow/deny access to users in the web.config based on what roles they are in e.g.

<system.web>
  <authorization>
    <allow roles = "Admin" />
  </authorization>
</system.web>

However, what I want to do is give the admin user a set of permissions which can then be checked, e.g. an Admin user with permissions like "can print documents", "can delete document".

Is this sort of thing possible out of the box or would I need to go down a custom route?

AJM asked May 14 '09 11:05


1 Answer

You can use Azman as described in this MSDN article.

But there are a number of things I don't like about Azman, so I rolled my own as a complement to the RoleProvider (additional tables, APIs and admin tools that manage the mapping of permissions to roles).

My custom implementation is very simple:

  • M-N relationship between roles and permissions.

  • An API "HasPermission" that tests if a given principal has a given permission. This simply iterates through all roles and checks if the role has the given permission. The mapping permission-roles is cached using the ASP.NET cache for performance reasons.

Joe answered Oct 03 '22 05:10
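One way the "HasPermission" check described in the answer could look, as an added example that is not Joe's code or part of the original page. The class name `PermissionChecker`, the `LoadRolePermissions` stand-in for the extra tables, the permission names, the cache key and the five-minute expiry are all assumptions.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Principal;
using System.Web;
using System.Web.Caching;

public static class PermissionChecker
{
    private const string CacheKey = "RolePermissionMap"; // hypothetical cache key

    // Stand-in for the extra role/permission tables (M-N mapping).
    // Sample data constructed for this example.
    private static Dictionary<string, HashSet<string>> LoadRolePermissions()
    {
        var c = StringComparer.OrdinalIgnoreCase;
        return new Dictionary<string, HashSet<string>>(c)
        {
            { "Admin",  new HashSet<string>(c) { "PrintDocument", "DeleteDocument" } },
            { "Editor", new HashSet<string>(c) { "PrintDocument" } }
        };
    }

    private static Dictionary<string, HashSet<string>> GetMap()
    {
        var map = HttpRuntime.Cache[CacheKey] as Dictionary<string, HashSet<string>>;
        if (map == null)
        {
            map = LoadRolePermissions();
            // Absolute expiry bounds how long a revoked permission stays honoured.
            HttpRuntime.Cache.Insert(CacheKey, map, null,
                DateTime.UtcNow.AddMinutes(5), Cache.NoSlidingExpiration);
        }
        return map; // treated as read-only after construction
    }

    // Deny by default: no principal, anonymous user or empty permission => false.
    public static bool HasPermission(IPrincipal principal, string permission)
    {
        if (principal == null || principal.Identity == null
            || !principal.Identity.IsAuthenticated || string.IsNullOrEmpty(permission))
            return false;

        // Iterate through all roles; IsInRole defers to the configured RoleProvider.
        foreach (var role in GetMap())
            if (role.Value.Contains(permission) && principal.IsInRole(role.Key))
                return true;
        return false;
    }

    // Call from the admin tool after editing the mapping so changes apply at once.
    public static void Invalidate() { HttpRuntime.Cache.Remove(CacheKey); }
}
```

A page or handler would call `PermissionChecker.HasPermission(User, "DeleteDocument")` on the server before performing the action, in addition to any `web.config` role rules.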