Menu
All the security stuff I have worked with in the past in ASP.Net for the most part has been role based. This is easy enough to implement and ASP.Net is geared for this type of security model. However, I am looking for something a little more fine grained than simple role based security.
Essentially I want to be able to write code like this:
if(SecurityService.CanPerformOperation("SomeUpdateOperation")){
// perform some update logic here
}
I would also need row level security access like this:
if(SecurityService.CanPerformOperation("SomeViewOperation", SomeEntityIdentifier)){
// Allow user to see specific data
}
Again, fine grained access control. Is there anything like this already built? Some framework that I can drop into ASP.Net and start using, or am I going to have to build this myself?
444
Have you looked at Authorization Manager (AzMan)? http://msdn.microsoft.com/en-us/library/bb897401.aspx
It was included with Server 2003 and has had a few updates in server 2008, and comes with an MMC admin tool.
You can store you data in an xml file or AD/ADAM partition using server the 2003 version, and in server 2008 they added SQL support.
This tool lets you link your security objects together in a hierarchical structure of roles, tasks & operations.
You can use this as a role based provider in Asp.net but they also include .net classes so you can access the authorization store contents directly.
142
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
