Hi, I have a desktop Human Resource (HR) application developed in WPF (C# | .NET 3.5) that does some employee management work for HR. I need to implement user-group-based security, meaning that I need to manage the users who can access the system (username/password) and also give them CRUD rights and screen rights. Is there any basic framework I can build on, or should I start from scratch? Any feedback, suggestions, or links regarding this?

Thanks in advance.

+1  A: 

I would look into Active Directory if you think it will be in use where you are deploying the system.

Lou Franco
A: 

I've got bad news for you. This is one of those situations where you can't cheat. You pretty much have to start from scratch. Just do a search and you can see that there aren't any generic frameworks specifically designed for implementing security in different types of applications.

However, .NET does have a powerful, if not easy to understand, code access (code- or user-based) security model. If you're serious about security, you should find a good book on the subject and read it. Because truly the hardest part of the whole thing is understanding how it works. Once you get that nailed down, implementing it in your code is relatively easy.

Will
Are you being serious? This is built into frameworks all over the place...
AviD
Ubik was asking about generic plug-and-play frameworks. I don't think there are any other than those baked into the framework (CAS, as I mentioned). I'm not sure what the hell you read.
Will
+1  A: 

Sounds like the best bet for you would be to base it on Active Directory groups - especially if you're using (or can use) Windows Authentication.
Do you have a server tier, or are your clients accessing the database directly? If so (direct db access), you can set permissions directly in the database, according to the groups / db roles.

Alternatively, if you do have a server tier, you can use .NET roles to control access to the different system methods. This can either be based on AD groups, or can be populated from a DB table.

Btw, if you're not getting enough granularity from roles, you could also check out AzMan...

AviD
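
The .NET roles approach from the answer above, with roles populated from a table, as an added example that is not part of the original thread. The user names, role names and the in-memory `UserRoles` table are constructed placeholders; a real application would load the roles from its database after verifying the password.

```csharp
using System;
using System.Collections.Generic;
using System.Security;
using System.Security.Permissions;
using System.Security.Principal;
using System.Threading;

static class RoleDemo
{
    // Constructed stand-in for a user-to-role table (hypothetical names);
    // a real app would query its DB after checking the password.
    static readonly Dictionary<string, string[]> UserRoles =
        new Dictionary<string, string[]>(StringComparer.OrdinalIgnoreCase)
        {
            { "alice", new[] { "HR.Employee.Read", "HR.Employee.Edit", "Screen.Payroll" } },
            { "bob",   new[] { "HR.Employee.Read" } }
        };

    // Call once after a successful login; unknown users get no roles.
    static void SignIn(string userName)
    {
        string[] roles;
        if (!UserRoles.TryGetValue(userName, out roles)) roles = new string[0];
        Thread.CurrentPrincipal = new GenericPrincipal(new GenericIdentity(userName), roles);
    }

    // CRUD right enforced at the method: throws SecurityException without the role.
    static void UpdateEmployee(int id)
    {
        new PrincipalPermission(null, "HR.Employee.Edit").Demand();
        Console.WriteLine("employee {0} updated by {1}", id, Thread.CurrentPrincipal.Identity.Name);
    }

    // Screen right: IsInRole decides whether a window or menu item is offered.
    static bool CanOpenPayrollScreen()
    {
        return Thread.CurrentPrincipal.IsInRole("Screen.Payroll");
    }

    static void Main()
    {
        SignIn("alice");
        UpdateEmployee(42);
        Console.WriteLine("payroll screen: {0}", CanOpenPayrollScreen());

        SignIn("bob");
        Console.WriteLine("payroll screen: {0}", CanOpenPayrollScreen());
        try { UpdateEmployee(42); }
        catch (SecurityException) { Console.WriteLine("bob denied: missing HR.Employee.Edit"); }
    }
}
```

With Windows Authentication, calling `AppDomain.CurrentDomain.SetPrincipalPolicy(PrincipalPolicy.WindowsPrincipal)` at startup makes the same checks run against AD group names instead of the table. If the client talks to the database directly, these checks only shape the UI, and the database permissions mentioned in the answer remain the actual enforcement point.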