asp.net Membership : Extending Role membership?

Question

Hi there,

I am been taking a look at asp.net membership and it seems to provide everything that i need but i need some kind of custom Role functionality.

Currently i can add user to a role, great.

But i also need to be able to add Permissions to Roles..

i.e.

Role: Editor Permissions: Can View Editor Menu, Can Write to Editors Table, Can Delete Entries in Editors Table.

Currently it doesn't support this, The idea behind this is to create a admin option in my program to create a role and then assign permissions to a role to say "allow the user to view a certain part of the application", "allow the user to open a menu item"

Any ideas how i would implement soemthing like this?

I presume a custom ROLE provider but i was wondering if some kind of framework extension existed already without rolling my own?

Or anybody knows a good tutorial of how to tackle this issue?

I am quite happy with what asp.net SQL provider has created in terms of tables etc... but i think i need to extend this by adding another table called RolesPermissions

and then I presume :-) adding some kind of enumeration into the table for each valid permission??

THanks in advance

Answer 1

You can programmatically permit or not permit to the user to see some pages, or do some actions using for example the function IsInRole, and check if you let or not a user to do some actions.

HttpContext.Current.User.IsInRole("rolename")

You can make a class/or table with your permissions, and depend from the role that a user belong, to open, close, permit etc a lot of thinks on the same page. I have programming an idea like that on my programs, is very simple.

Here is an idea...

public enum csPermissions
{
    pActionDelete = 1,   
    pActionEdit = 2 , 
    ...more actions...
}

private int[] AdminPermission = { 
    (int)csPermissions.pActionEdit, 
    (int)csPermissions.pActionDelete, 
    ....
};

private int[] BackOfficePermission = { 
    (int)csPermissions.pActionEdit, 
    ....
}; 

public static bool IsThisAllowed(csPermissions AskPermitForThisAction)
{
    ... questions here for all users roles...
    ... here is only an example .....
    if (HttpContext.Current.User.IsInRole("Administator")))
    {
        for (int i = 0; i < AdminPermission.Length; i++)
            if (AdminPermission[i] == (int)AskPermitForThisAction)
                return true;
    } 

    ...  
    return false;
 }

Hope this help.

Answer 2

You can use the framework to restrict access to entire pages or directories based upon roles. This can be configured in the web.config's authorization element. http://msdn.microsoft.com/en-us/library/wce3kxhd.aspx

Additionally, if you're using a SiteMap for your menu, and have configured authorization, you can use security trimming to restrict the menu. http://www.google.com/search?q=asp.net+security+trimming