views:

356

answers:

3

Hi, we're developing a web app to cover all aspects of a printing company, from finances to payroll to job costing. It's important to be able to control who can access which parts of these applications. We don't want a line employee giving himself a raise, etc.

I've heard of the concept of ACL & ACO, but haven't found a good example that we could adapt to our project.

Anyone know where I can find good information to work from?

+1  A: 

I've had to implement that type of security a couple of times. Unfortunately I don't know of any really good articles that provide examples. My implementations were mainly piecing together the parts through trial and error.

However, I did come across this link on MSDN:

http://msdn.microsoft.com/en-us/library/52kd59t0(VS.71).aspx

It has some of the concepts.


After my original post, I did some more research. I found this article:

http://www.aspfree.com/c/a/C-Sharp/Implementing-Role-Based-Security-using-CSharp/

it seems pretty promising, I didn't go through all the details, but it at least guides you through the high-level topics.

Jay Mooney
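As an added illustration of the role-based security and ACL/ACO ideas discussed in the question and the answer above (this is not code from the question, from the answer, or from the MSDN/aspfree articles it links), the following Python sketch shows one way to structure such a check: roles carry permissions, each access-controlled object (here a payroll record) carries its own ACL, decisions are deny-by-default, an explicit deny always wins, and a separation-of-duties rule stops anyone from adjusting or approving their own salary regardless of role. The role names, users and payroll records are constructed for the example; the language is chosen only for a compact, runnable illustration, not because the original app is written in Python.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Set, Tuple

# One access-control entry on an object: (effect, principal, action)
# effect is "allow" or "deny"; principal is "user:<name>" or "role:<name>".
ACE = Tuple[str, str, str]

# Role -> set of (resource, action) permissions. Role names are assumed for the example.
ROLE_PERMISSIONS: Dict[str, Set[Tuple[str, str]]] = {
    "line_employee":   {("job", "read"), ("job", "log_time"), ("payroll", "read_own")},
    "payroll_clerk":   {("payroll", "read"), ("payroll", "adjust_salary")},
    "finance_manager": {("payroll", "read"), ("payroll", "approve_salary"), ("finance", "read")},
}

# Separation of duties: actions nobody may perform on a record that belongs to them,
# no matter which roles they hold.
SELF_SERVICE_FORBIDDEN = {"adjust_salary", "approve_salary"}


@dataclass(frozen=True)
class User:
    name: str
    roles: frozenset


@dataclass
class PayrollRecord:
    """The access-controlled object (ACO): owner, data, and its own ACL."""
    employee: str
    salary: int
    acl: List[ACE] = field(default_factory=list)
    resource: str = "payroll"


class AccessDenied(PermissionError):
    pass


def _principals(user: User) -> Set[str]:
    return {f"user:{user.name}"} | {f"role:{r}" for r in user.roles}


def is_allowed(user: User, action: str, record: PayrollRecord) -> bool:
    """Deny-by-default decision.

    Precedence: explicit object deny > separation of duties > explicit object allow
    > role-derived permission > owner-only 'read_own' > deny.
    """
    principals = _principals(user)
    applicable = [ace for ace in record.acl if ace[1] in principals and ace[2] == action]
    if any(effect == "deny" for effect, _, _ in applicable):
        return False
    if record.employee == user.name and action in SELF_SERVICE_FORBIDDEN:
        return False
    if any(effect == "allow" for effect, _, _ in applicable):
        return True
    granted = set().union(*(ROLE_PERMISSIONS.get(r, set()) for r in user.roles))
    if (record.resource, action) in granted:
        return True
    # 'read_own' lets an employee read their own record and nothing else.
    if action == "read" and record.employee == user.name and (record.resource, "read_own") in granted:
        return True
    return False


def adjust_salary(actor: User, record: PayrollRecord, new_salary: int) -> PayrollRecord:
    """Enforce the check at the operation, not only in the UI."""
    if not is_allowed(actor, "adjust_salary", record):
        raise AccessDenied(f"{actor.name} may not adjust_salary on {record.employee}'s record")
    record.salary = new_salary
    return record


def demo() -> Dict[str, bool]:
    # Constructed users and records for the illustration.
    bob = User("bob", frozenset({"line_employee"}))
    carol = User("carol", frozenset({"payroll_clerk"}))
    dave = User("dave", frozenset({"payroll_clerk"}))  # a clerk who also has a payroll record
    bob_rec = PayrollRecord("bob", 42000)
    dave_rec = PayrollRecord("dave", 51000, acl=[("deny", "user:carol", "read")])  # explicit object deny
    return {
        "bob_reads_own":    is_allowed(bob, "read", bob_rec),            # True  (read_own)
        "bob_reads_dave":   is_allowed(bob, "read", dave_rec),           # False (not his record)
        "bob_raises_self":  is_allowed(bob, "adjust_salary", bob_rec),   # False (no role permission)
        "carol_raises_bob": is_allowed(carol, "adjust_salary", bob_rec), # True  (clerk role)
        "dave_raises_self": is_allowed(dave, "adjust_salary", dave_rec), # False (separation of duties)
        "carol_reads_dave": is_allowed(carol, "read", dave_rec),         # False (deny beats role grant)
    }


if __name__ == "__main__":
    for case, decision in demo().items():
        print(f"{case:18} {'ALLOW' if decision else 'DENY'}")
```

The point of the ordering in `is_allowed` is that object-level denies and the separation-of-duties rule are evaluated before any grant, so a role that is too broad cannot accidentally reopen a path the policy meant to close. Keeping the check inside `adjust_salary` rather than only hiding a button in the UI is what actually stops the "employee gives himself a raise" case when someone calls the endpoint directly.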
+1  A: 

If you're using .NET/Windows you might want to look into Windows Authorization Manager (AzMan). There is support for AzMan in Enterprise Library, but there are other ways of using it as well.

http://msdn.microsoft.com/en-us/library/ms998336.aspx

http://alt.pluralsight.com/wiki/default.aspx/Keith.GuideBook/WhatIsAuthorizationManager.html

Manga Lee
+2  A: 

A brief rundown on ACLs, where they should be used and how they should be structured and implemented for various applications and user levels can be found here:

LINK

Pascal