Hi,

I am trying to build a simple username-password-role based security object model for my application. The requirement is that the user will enter using a username and password, and he/she will have enabled or disabled access to parts of the system depending upon whatever role they fall into, which I think is a fairly simple idea.

Now here is my query. I have a base class in the business object which gets inherited by all other classes. In my security project there will be a few classes, e.g. Security, Identity (which contains user profile info) etc. The idea is that my base class will use this security object and the inherited classes can reference this security object for a given (logged-in) user. So, for example, if I am logged into the application and I go to access the accounts module, because the accounts module inherits my base class it has the knowledge about who I am, what role I fall into etc. Hence I can have a property CanExecute in my accounts module which can be turned on/off depending upon the user's role.

I hope I have made this as clear as possible. I really would appreciate any input in terms of coding and in terms of architecture.

Many thanks, Preyash

+2  A: 

.NET has this kind of stuff built in. Look up GenericPrincipal and authorization. Also, ASP.NET has authentication built in.

For example: http://www.15seconds.com/issue/041208.htm and here: http://www.codeproject.com/KB/security/SecurityModelDotNet.aspx

Should get you started

Preet Sangha
Can I use GenericPrincipal (and/or Authorization) with my custom user database? I am not looking to use built-in stuff like AD (for example). I would really appreciate it if you can point me in the right direction.
activebiz
One thing that I forgot to mention here is that this is for a WPF application and not for ASP.NET. Can I still use GenericPrincipal?
activebiz
Oh yes. It's a .NET thing, not ASP.NET only. We use it for all our .NET apps (WinForms, WPF, console, ASP.NET and services).
Preet Sangha
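An added example, not code from any poster in this thread, of the GenericPrincipal approach discussed above backed by a custom user store in a desktop application, with a role-driven CanExecute property as in the question. The `UserRecord`, `Security` and `AccountsModule` types, the in-memory dictionary standing in for the user database, the "Accounts" role name and the PBKDF2 parameters are all assumptions made for illustration.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Cryptography;
using System.Security.Principal;
using System.Threading;

// Hypothetical row in the application's own user table (no AD involved).
sealed class UserRecord { public byte[] Salt, Hash; public string[] Roles; }

static class Security
{
    // Constructed in-memory stand-in for the custom user database.
    static readonly Dictionary<string, UserRecord> Users = new Dictionary<string, UserRecord>();
    static byte[] Derive(string password, byte[] salt)
    {
        using (var kdf = new Rfc2898DeriveBytes(password, salt, 100000, HashAlgorithmName.SHA256))
            return kdf.GetBytes(32);
    }
    public static void AddUser(string name, string password, params string[] roles)
    {
        var salt = new byte[16];
        using (var rng = RandomNumberGenerator.Create()) rng.GetBytes(salt);
        Users[name] = new UserRecord { Salt = salt, Hash = Derive(password, salt), Roles = roles };
    }
    public static bool SignIn(string name, string password)
    {
        if (!Users.TryGetValue(name, out UserRecord u)) return false;
        byte[] candidate = Derive(password, u.Salt);
        int diff = 0; // accumulate differences so the compare has no early exit
        for (int i = 0; i < candidate.Length; i++) diff |= candidate[i] ^ u.Hash[i];
        if (diff != 0) return false;
        // Roles come from the custom store, not from AD or ASP.NET membership.
        Thread.CurrentPrincipal = new GenericPrincipal(new GenericIdentity(name, "CustomDb"), u.Roles);
        return true;
    }
}

class AccountsModule
{
    // Default deny: no principal or a missing role leaves the feature disabled.
    public bool CanExecute { get { var p = Thread.CurrentPrincipal; return p != null && p.IsInRole("Accounts"); } }
    static void Main()
    {
        Security.AddUser("alice", "constructed-sample-password", "Accounts");
        Console.WriteLine("before sign-in: " + new AccountsModule().CanExecute);
        Security.SignIn("alice", "constructed-sample-password");
        Console.WriteLine("after sign-in: " + new AccountsModule().CanExecute);
    }
}
```

On .NET Framework, Thread.CurrentPrincipal applies to the thread that set it; AppDomain.CurrentDomain.SetThreadPrincipal makes a principal the default for threads created afterwards.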
+1  A: 

activebiz,

to recap from above:

i think you probably should use the built-in FormsAuthentication & MembershipService classes as this also gives you (for free) all the controller and action decorators [Authorize] etc, which will allow you to do what you want at controller level straight away.

also, you get to use the authentication tickets, etc, etc. you can also build a custom profileprovider that will allow you to tie your user table directly into the profilecommon class. there are lots of good links on this stuff.

i'll look those out a bit later if you feel this might be a better route to go down.

[edit] links as promised. will add to as i find them. here's one on SO for starters:

http://stackoverflow.com/questions/79129/implementing-profile-provider-in-asp-net-mvc

and one from my old mate, lee dumond:

http://leedumond.com/blog/asp-net-profiles-in-web-application-projects/

jim
Thanks Jim, I believe this is on similar lines to what Preet Sangha is talking about. I am also thinking this is a good idea as it gives lots of things out of the box. I would appreciate it if you can have a look for me. Thanks,
activebiz