views:

171

answers:

1

I'm building a web application in which I want users to have specific permissions to perform a specific action. I don't want to use the default permission and role providers in ASP.NET.

I was thinking of having each User associated with a Role. Each Role is mapped to a set of Permissions (CreatePost, ReadPost, UpdatePost, DeletePost and so on).

I have a couple of questions regarding this. Would it be best to have a boolean property for each Permission on the role or some sort of bitfield? I like the idea of having methods for this but probably need to map these to the permissions stored for the role in the database.

Also, how would I implement this for each action/request? I'm thinking something along the lines of what was posted here but I'm not really sure.

Thanks!

A: 

Make your own role provider and register it in the web.config. Look at the MSDN for a sample. Once it is registered it will associate the roles you provide with the principal.

I've just done that for one of my projects and it works fine.

To check whether the user has permission to execute a task you'll have to see whether the user is in the required role. In "normal" ASP.NET you will have to do this in code. In MVC you can do that with attributes on each class/method in the controller.

Obalix
"In 'normal' ASP.NET you will have to do this in code." - this is not true. Have a look at the PrincipalPermissionAttribute (http://msdn.microsoft.com/en-us/library/system.security.permissions.principalpermissionattribute.aspx) The default Membership API provider hooks into CAS, and so can your custom provider.
Nathan
The biggest problem with using ASP.NET providers is that you have to override a lot of members. Also, if I don't use a specific method, I have to throw a NotImplementedException(), which isn't very nice in my opinion. How could I use custom attributes and have my own role implementation without using the Role Provider?
TheCloudlessSky
True, in most cases (membership and profile providers) the implementation is littered with NotImplementedExceptions. However, the RoleProvider has not so many methods and therefore only the methods that create, delete, and change the roles will return NotImplementedExceptions, which IMHO makes it worth using it. The problem is that if you do not use the RoleProvider it is quite difficult to attach the roles to the principal created by the authentication of ASP.NET.
Obalix
@Obalix: see my post above to @casperOne regarding my permission "inheritance" issue. Essentially I don't want to have to hard code "Roles" in the code. I want it to be "does user have permission to do this action?". They would get their permission *because* they are a member of a specific role.
TheCloudlessSky
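The following is an added example, not code from the question or the answer above, showing one way to combine the two ideas in the thread: roles stay attached to the principal (by a custom RoleProvider or any other authentication that populates `IPrincipal.IsInRole`), while the code checks permissions rather than role names. Permissions are stored as a `[Flags]` bitfield so each role is one integer column in the database. The `Permission`, `Role`, `RoleStore`, `RequirePermissionAttribute` and `PostsController` names are invented for illustration; the in-memory role table stands in for the database query. It assumes ASP.NET MVC's `AuthorizeAttribute`, whose `AuthorizeCore` override is where the permission check runs.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Principal;
using System.Web;
using System.Web.Mvc;

// Hypothetical permission set. One bit per permission keeps a role's grant as a
// single int (32 permissions) or long (64) column in the Role table.
[Flags]
public enum Permission
{
    None       = 0,
    CreatePost = 1 << 0,
    ReadPost   = 1 << 1,
    UpdatePost = 1 << 2,
    DeletePost = 1 << 3
}

public sealed class Role
{
    public string Name { get; private set; }
    public Permission Permissions { get; private set; }

    public Role(string name, Permission permissions)
    {
        Name = name;
        Permissions = permissions;
    }
}

// Constructed stand-in for the Role table; a real application loads (and caches)
// these rows from the database so permissions can change without a redeploy.
public static class RoleStore
{
    private static readonly Dictionary<string, Role> Roles =
        new Dictionary<string, Role>(StringComparer.OrdinalIgnoreCase)
        {
            { "Reader", new Role("Reader", Permission.ReadPost) },
            { "Author", new Role("Author", Permission.ReadPost | Permission.CreatePost | Permission.UpdatePost) },
            { "Admin",  new Role("Admin",  Permission.ReadPost | Permission.CreatePost |
                                           Permission.UpdatePost | Permission.DeletePost) }
        };

    // Union of the permissions of every role the principal is in. Role membership
    // comes from whatever attached roles to the principal (e.g. a custom RoleProvider),
    // so no role name is hard-coded at the call sites.
    public static Permission PermissionsFor(IPrincipal user)
    {
        Permission granted = Permission.None;
        foreach (Role role in Roles.Values)
        {
            if (user.IsInRole(role.Name))
            {
                granted |= role.Permissions;
            }
        }
        return granted;
    }

    // Every bit of 'required' must be granted; holding a subset is not enough.
    public static bool HasPermission(IPrincipal user, Permission required)
    {
        return required != Permission.None
            && (PermissionsFor(user) & required) == required;
    }
}

// MVC filter that asks "does this user have the permission?" instead of "is this
// user in role X?". Deny by default: an anonymous principal fails before any lookup.
[AttributeUsage(AttributeTargets.Class | AttributeTargets.Method, AllowMultiple = false)]
public sealed class RequirePermissionAttribute : AuthorizeAttribute
{
    private readonly Permission _required;

    public RequirePermissionAttribute(Permission required)
    {
        _required = required;
    }

    protected override bool AuthorizeCore(HttpContextBase httpContext)
    {
        IPrincipal user = httpContext.User;
        if (user == null || user.Identity == null || !user.Identity.IsAuthenticated)
        {
            return false;
        }
        return RoleStore.HasPermission(user, _required);
    }
}

// Hypothetical controller: each action declares the permission it needs.
public class PostsController : Controller
{
    [RequirePermission(Permission.ReadPost)]
    public ActionResult Details(int id)
    {
        return Content("post " + id);
    }

    // Combined flags mean the caller needs both bits, not either one.
    [RequirePermission(Permission.UpdatePost | Permission.DeletePost)]
    public ActionResult Replace(int id)
    {
        return Content("replaced post " + id);
    }
}
```

With the constructed table, a principal in the "Author" role passes `Details` but fails `Replace`, because `Author` lacks `DeletePost`. Two caveats: a `[Flags]` int caps you at 32 distinct permissions (use `long` or a separate join table past that), and `AuthorizeAttribute` participates in output caching, so a cached page must not be served to a user whose permission check would fail; the base class's `OnCacheAuthorization` handles this when you derive from it rather than from `ActionFilterAttribute`.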