Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Controlling access to methods

Tags:

c#

.net

Is there a way to control access to methods to certain roles in .net. Like

class A
{
    //should only be called by Admins**
    public void Method1() { }

    //should only be called by Admins and PM's** 
    public void Method2() { }
}

I'm using windows authentication only for retrieving user names and nothing more.User roles are maintained in a different application. I think it's possible through attributes but I'm not really sure how

like image 613
Ravi Avatar asked Sep 25 '12 03:09

Ravi


People also ask

How can we prevent other classes from accessing a method?

When you declare a method in a Java class, you can allow or disallow other classes and object to call that method. You do this through the use of access specifiers. The Java language supports five distinct access levels for methods: private, private protected, protected, public, and, if left unspecified, "friendly".

How can we control access to members explain?

Access level modifiers determine whether other classes can use a particular field or invoke a particular method. There are two levels of access control: At the top level— public , or package-private (no explicit modifier).

How can we control access to members in Java?

In Java, you can use access specifiers to protect both a class's variables and its methods when you declare them. The Java language supports four distinct access levels for member variables and methods: private, protected, public, and, if left unspecified, package.

What is access control in Java?

In Java, access control tells the program how much access a variable, class or method is given. Access control is important because it affects visibility based on different access control types.


2 Answers

It it possible, I have used it on an web project that used asp.net and AzMan as the authentication.

Take a look at Code Access Security

From memory all of our methods looked something like

[Permission(SecurityAction.Demand, "Permission")]
public void Method1

It's been a while though so that might not be actually 100% correct.

I'd also highly suggest if you are going to put protection down to this level to look at a task orientated permission approach as this is much more flexible than role based permissions

like image 108
Daniel Powell Avatar answered Sep 26 '22 23:09

Daniel Powell


You can do this as follows:

class A 
{     
    //should only be called by Admins**     
    [PrincipalPermission(SecurityAction.Demand, Role="Admin")] 
    public void Method1() 
    { 
    }      

    //should only be called by Admins and PM's**      
    [PrincipalPermission(SecurityAction.Demand, Role="Admin")] 
    [PrincipalPermission(SecurityAction.Demand, Role="PM")] 
    public void Method2() 
    { 
    } 
} 

To do this Thread.CurrentPrincipal must be set to a principal that has the required roles. For example, if you enable roleManager in an ASP.NET application, Thread.CurrentPrincipal will be set to a RolePrincipal with roles from your configured RoleProvider. See this MSDN article for more info.

like image 39
Joe Avatar answered Sep 24 '22 23:09

Joe