In our system we have a way to set up users with permissions. They create a group name, for example, Admin, and then assign all the permissions for the tasks they would like to do.
For example, they can add AddCompany, ViewCompany, DeleteCompany, EditCompany.
This makes it very easy to make different permission groups, and we can control security very easily.
Am I right in thinking that in this instance the group name = Role and each permission is a claim?
In Role-based authorization, applications enforce access by roles. These roles can be used in authorized attributes in your code. Alternatively, claims-based authorization enforces permissions by using information about the user rather than relying on a single role declaration.
ClaimsPrincipal exposes a collection of identities, each of which is a ClaimsIdentity. In the common case, this collection, which is accessed through the Identities property, will only have a single element. The introduction of ClaimsPrincipal in .
Claims-based authentication requires the availability of a security token service (STS) running on a server. An STS server can be based on Active Directory Federation Services (AD FS) V2, or any platform that provides the official STS protocol.
A claim is a name value pair that represents what the subject is, not what the subject can do. For example, you may have a driver's license, issued by a local driving license authority. Your driver's license has your date of birth on it.
Role-based authorization is used to group users into groups (roles) and then set permissions on the role rather than on individual users.
E.g., in your case you can create an Admin role and grant it permission to do the "AddCompany, ViewCompany, DeleteCompany, EditCompany" tasks.
In this case it is easier to manage a large set of users through a small set of roles. This is the most commonly used model for authentication.
Claims-based authorization provides additional layers of abstraction on your authorization strategy. Further, claims are a method of providing information about a user rather than a group of users. You create authorization policies that are used to generate a claim set based on the authentication evidence presented by the user. Then the user presents claims to the application in order to access resources.
A claim is a statement that one subject makes about itself or another subject. The statement can be about a name, identity, key, group, privilege, or capability, for example. Claims are issued by a provider, and they are given one or more values and then packaged in security tokens that are issued by an issuer, commonly known as a security token service (STS).
Resources:
http://msdn.microsoft.com/en-gb/library/ff649821.aspx
http://msdn.microsoft.com/en-gb/library/ff359101.aspx
Hope this helps.
Roles are claims, but not all claims are roles.
In a claims-based authorization system, you may use roles as permissions, but you may use something else as well. On my current project, we have a many-to-many mapping from roles to permissions.
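The following is an added example, not code from the question or from any of the answers, showing both points made above: the Admin role from the question carried as a role claim on a .NET ClaimsPrincipal, and the many-to-many mapping from roles to permissions described in the last answer expanded into separate permission claims, so that the application checks "can this user DeleteCompany?" rather than "is this user an Admin?". The permission names come from the question; the "Auditor" role, the user names, the claim type URI and the helper names are assumptions made for this example.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Claims;

// Added example (not from the question or any answer): a role is itself a claim,
// and permissions are derived from roles through a many-to-many mapping.
public static class PermissionAuthorization
{
    // Assumed claim type for permission claims; any stable URI or string works.
    public const string PermissionClaimType = "urn:example:permission";

    // Constructed sample mapping: a role grants many permissions, and one
    // permission (ViewCompany) is granted by more than one role.
    // The Admin permissions are the ones named in the question; Auditor is assumed.
    private static readonly Dictionary<string, string[]> RolePermissions = new()
    {
        ["Admin"]   = new[] { "AddCompany", "ViewCompany", "DeleteCompany", "EditCompany" },
        ["Auditor"] = new[] { "ViewCompany" },
    };

    // Build a principal whose identity carries one role claim per group the user
    // belongs to, plus one permission claim per permission those groups grant.
    public static ClaimsPrincipal BuildPrincipal(string userName, IEnumerable<string> roles)
    {
        // ClaimsIdentity treats ClaimTypes.Role as its role claim type by default,
        // which is what makes IsInRole work below.
        var identity = new ClaimsIdentity(authenticationType: "Example");
        identity.AddClaim(new Claim(ClaimTypes.Name, userName));

        foreach (var role in roles)
        {
            identity.AddClaim(new Claim(ClaimTypes.Role, role));

            if (RolePermissions.TryGetValue(role, out var permissions))
            {
                foreach (var permission in permissions)
                {
                    identity.AddClaim(new Claim(PermissionClaimType, permission));
                }
            }
        }

        return new ClaimsPrincipal(identity);
    }

    // Role check: answers "is the user an Admin?".
    public static bool IsInRole(ClaimsPrincipal user, string role) => user.IsInRole(role);

    // Permission check: answers "may the user DeleteCompany?" without the caller
    // knowing which role granted it, so roles can be re-cut without touching callers.
    public static bool HasPermission(ClaimsPrincipal user, string permission) =>
        user.HasClaim(PermissionClaimType, permission);

    public static void Main()
    {
        var admin = BuildPrincipal("alice", new[] { "Admin" });
        var auditor = BuildPrincipal("bob", new[] { "Auditor" });

        Console.WriteLine($"alice IsInRole(Admin): {IsInRole(admin, "Admin")}");
        Console.WriteLine($"alice HasPermission(DeleteCompany): {HasPermission(admin, "DeleteCompany")}");
        Console.WriteLine($"bob IsInRole(Admin): {IsInRole(auditor, "Admin")}");
        Console.WriteLine($"bob HasPermission(ViewCompany): {HasPermission(auditor, "ViewCompany")}");
        Console.WriteLine($"bob HasPermission(DeleteCompany): {HasPermission(auditor, "DeleteCompany")}");
    }
}
```

The design point is that the application's authorization checks are written against permission claims, so the group/role layer stays an administrative convenience: adding a third group, or moving ViewCompany out of Auditor, changes only the mapping, not the code that guards each task.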