I have a dynamic data ASP.NET application with a requirement to give some users tables X, Y, and Z and others only X and Z. All 3 of these tables are using the standard ListDetails page templates, and we really want to avoid creating custom pages for x, y, and z. What is the best way to handle this security?

All of our permissions are stored in a customer user class with boolean properties. So in this example, we have CanViewX, CanViewY, and CanViewZ.

We do not want to hard code the table name into the code.

EDIT
It dawned on me that this may have needed a little more explanation now that it has a bounty on it... We are using the DynamicData framework and we would like to avoid creating custom pages for the list, listdetails, edit, etc. for each of the different tables that will be accessible in the site. We have special requirements that would prevent one user from touching table A, but they can touch B and C, while other users may only be able to touch A and B.

We are looking for a recommendation and solution on how to handle this without having to hardcode the table names anywhere in our code.

+1  A: 

C#:

protected void Page_Load(System.Object sender, System.EventArgs e)
{
  ToggleTables();
}

private void ToggleTables()
{
  tableXid.Visible = canviewx();
  tableYid.Visible = canviewy();
  tableZid.Visible = canviewz();
}
roman m
But the tables are still rendered as HTML, only invisibly. Depending on the application, that might be exploitable. View Source isn't exactly deep magic...
Pontus Gagge
@Pontus Gagge - no: if you set .Visible = false in the code behind, no HTML is rendered at all for the control.
teedyay
These are tables with a data context, not a regular HTML table.
RSolberg
+2  A: 

Have you tried following the steps in this project:

http://csharpbits.notaclue.net/2008/05/introduction-this-project-is-going-to.html

Hope that helps.

betafish
Not a simple solution, but it appears that this is the closest to one I'll get...
RSolberg
+1  A: 

As well as the article from my blog mentioned earlier, you could also look at the Securing Dynamic Data sample on CodePlex, which uses a Route Handler.

Wizzard
I was wondering when you would join SO :)
RSolberg
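
One way to meet the requirement in the question, as an added example that is not code from any of the posters or from the linked projects: a default-deny check that maps the requested table name to the matching CanView property by reflection, meant to be called server-side (for instance from a route handler) before the shared page template runs. AppUser, TableAccess and Demo are hypothetical names; the CanViewX, CanViewY and CanViewZ properties follow the question.

```csharp
using System;
using System.Reflection;

// Constructed stand-in for the custom user class the question describes.
public class AppUser
{
    public bool CanViewX { get; set; }
    public bool CanViewY { get; set; }
    public bool CanViewZ { get; set; }
}

public static class TableAccess
{
    // Resolves the "CanView" + table name property by convention, so no table
    // name is written into the check. Anything that does not resolve to a
    // readable public bool property is denied (default deny).
    public static bool CanView(object user, string tableName)
    {
        if (user == null || string.IsNullOrEmpty(tableName)) return false;

        PropertyInfo prop = user.GetType().GetProperty(
            "CanView" + tableName,
            BindingFlags.Public | BindingFlags.Instance);   // case-sensitive match

        if (prop == null || prop.PropertyType != typeof(bool) || !prop.CanRead)
            return false;

        return (bool)prop.GetValue(user, null);
    }
}

public static class Demo
{
    public static void Main()
    {
        var user = new AppUser { CanViewX = true, CanViewZ = true };   // X and Z only

        // Constructed sample input: at run time the name comes from the request route.
        foreach (string table in new[] { "X", "Y", "Z", "Orders" })
            Console.WriteLine("{0}: {1}", table,
                TableAccess.CanView(user, table) ? "allow" : "deny (respond 403)");
    }
}
```

A table added later stays inaccessible until a matching CanView property exists on the user class, so a forgotten permission fails closed.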
+1  A: 

I would like to mention that in the new Dynamic Data Preview 3 there is a new feature, DomainService, which supports Roles based security. Please see David Ebbo's session from MIX09 here: Microsoft ASP.NET 4.0 Data Access: Patterns for Success with Web Forms (MIX09-T47F).

Wizzard