
Role Based Access Control (RBAC) - .Net Component [closed]

In my job we are trying to consolidate the authentication of the application farm with Windows Identity Foundation (WIF) or some custom component based on Membership Provider.

With this, we need to provide the developers (and final users) some component that can help us with the logic of managing views by role (RBAC - Role Based Access Control). I couldn't find anything.

That's the idea: a user 'admin' can view the 'Home' and 'Administration' pages. Well, as a developer, I don't want to write code to do this profiling. To do this, I expect to work with a component that encapsulates this complexity. The same idea applies to managing events or actions in the application.

Do you know something like that? Something like Role Provider, but like a generic component that can help me (like the profiling in Moodle or Joomla).

Just for the record, English isn't my native language, and I'm still learning it.

Esteban Lopez asked Jul 20 '10 13:07



1 Answer

To answer your question, yes, there are a few .NET components available which allow any .NET application to apply RBAC.

RBAC (role-based access control) is a method of restricting access to 'some sources or applications or some features of applications' based on the roles of the users of an organization. Here, restrictions can be made by means of multiple permissions, which are created by an administrator to restrict access; these permissions collectively represent a role, which will be assigned to a user.

And if we go slightly deeper into RBAC, it basically contains 3 features:

1) Authentication - It confirms the user's identity. Usually it is done via user accounts and passwords or credentials.
2) Authorization - It defines what a user can and cannot do in an application. Ex. ‘Modifying order’ is allowed but ‘creating new order’ is not allowed.
3) Auditing of user actions on applications - It keeps track of users' actions on applications, as well as who has granted which access to which users.

This was a very basic top-view picture of an RBAC system.

ASP.NET Membership Component is one of the ways to implement RBAC. You can also write your own system with basic functionalities.

There are some nice and helpful articles which show brief information and implementation of RBAC.

http://www.visual-guard.com/EN/net-powerbuilder-application-security-authentication-permission-access-control-rbac-articles/dotnet-security-article-ressources/role-based-access-control.html

http://www.codeproject.com/Articles/875547/Custom-Roles-Based-Access-Control-RBAC-in-ASP-NET

I also recommend a few ready-to-use components: VisualGuard (where I work) and also MemberProtect.

Kunal Khatri answered Oct 13 '22 00:10
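
The model described in the answer above (permissions grouped into roles, roles assigned to users, each grant and decision audited), as an added C# example that is not part of the original answer and is not the API of any component named on this page. The class `RbacPolicy`, the permission strings, the role names and the users are all constructed for illustration.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
// Added example: role names, permission strings and users are constructed.
public sealed class RbacPolicy
{
    // role -> permissions that make up the role
    private readonly Dictionary<string, HashSet<string>> _rolePermissions = new Dictionary<string, HashSet<string>>();
    // user -> roles assigned to the user
    private readonly Dictionary<string, HashSet<string>> _userRoles = new Dictionary<string, HashSet<string>>();
    // Auditing: every grant and every authorization decision is recorded.
    public List<string> AuditLog { get; } = new List<string>();

    public void DefineRole(string role, params string[] permissions) =>
        _rolePermissions[role] = new HashSet<string>(permissions);

    public void AssignRole(string grantedBy, string user, string role)
    {
        // Only roles that have been defined can be assigned.
        if (!_rolePermissions.ContainsKey(role))
            throw new ArgumentException("Unknown role: " + role);
        if (!_userRoles.TryGetValue(user, out var roles))
            _userRoles[user] = roles = new HashSet<string>();
        roles.Add(role);
        AuditLog.Add($"{DateTime.UtcNow:o} GRANT role={role} user={user} by={grantedBy}");
    }

    // Authorization with default deny: unknown users and unlisted permissions fail.
    public bool IsAllowed(string user, string permission)
    {
        bool allowed = _userRoles.TryGetValue(user, out var roles) &&
            roles.Any(r => _rolePermissions[r].Contains(permission));
        AuditLog.Add($"{DateTime.UtcNow:o} {(allowed ? "ALLOW" : "DENY")} user={user} permission={permission}");
        return allowed;
    }
}
public static class Program
{
    public static void Main()
    {
        var policy = new RbacPolicy();
        policy.DefineRole("Administrator", "page:Home", "page:Administration", "order:Modify");
        policy.DefineRole("Clerk", "page:Home", "order:Modify");
        policy.AssignRole("setup", "admin", "Administrator");
        policy.AssignRole("admin", "alice", "Clerk");
        foreach (var (u, p) in new[] { ("admin", "page:Administration"), ("alice", "page:Administration"), ("alice", "order:Create"), ("mallory", "page:Home") })
            Console.WriteLine($"{u} {p} -> {policy.IsAllowed(u, p)}");
        policy.AuditLog.ForEach(Console.WriteLine);
    }
}
```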