views: 589

answers: 2
+1  Q: 

RBAC for ASP.NET?

Is there an open RBAC framework for ASP.NET? There are a few solutions for Rails, but I can't find a simple RBAC system for ASP.NET. Is there something that can be used and extended?

A: 

Maybe I've missed the point here, but ASP.NET ships with a pretty robust Role Provider framework - it should be very easy to find many open source implementations, if you really don't want to use the implementation that it comes with.

JoshJordan
You're right. But as far as I know it's based on sites/URLs. So you can say: role:foo can access site:bar. But what if I have different actions on a site? E.g. role user should be able to create new "contract" but only role "checker" should be able to edit certain fields and change the status.
pantarhei
+1  A: 

This article looks like a good place to start (it is best to drill into the links the author references for more information, but make sure that you read the article as well):

Implementing RBAC on .Net:

Recently I worked on RBAC (Role based access control) implementation within .Net. A comprehensive work on this topic is done by Mark Strembeck (XoRBAC Home). Details on the RBAC concept can be found at NIST RBAC.

While the design approach given in Strembeck's work was comprehensive enough to be realized on .Net, the default implementation (done on XoTcl) used extensive patterns from the language (e.g. ability to use an object as a class!), so a quick port of that to a complete .Net implementation of the design would have taken a bit of an effort in my current project. Well, instead of then implementing the solution, I selected MS Authorization Manager (I know folks will say, Dah... that would have been a no-brainer). This is a small library and a management console provided on Windows 2003 and 2000 that implements most of the RBAC requirements.

Andrew Hare
This uses AzMan (Windows authentication). What if we want to do this using custom code and a database?
Binoj Antony
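
The operation-level check raised in the comments above (role "user" may create a contract, only role "checker" may edit certain fields and change the status), sketched in custom code as an added example that is not part of the original thread or of any framework named in it. The class name `RbacPolicy`, the permission strings and the sample users are hypothetical, and the in-memory map stands in for role/permission tables that would be loaded from a database.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;

// Hypothetical policy class: roles map to operations ("resource:operation"),
// not to pages or URLs, so one page can expose differently protected actions.
public sealed class RbacPolicy
{
    // role -> granted permissions (assumption: filled from database tables in a real app)
    private readonly Dictionary<string, HashSet<string>> _rolePermissions =
        new Dictionary<string, HashSet<string>>(StringComparer.OrdinalIgnoreCase);

    public void Grant(string role, params string[] permissions)
    {
        if (!_rolePermissions.TryGetValue(role, out var set))
            _rolePermissions[role] = set = new HashSet<string>(StringComparer.Ordinal);
        foreach (var p in permissions) set.Add(p);
    }

    // Deny by default: an unknown role or an ungranted permission is refused.
    public bool IsAllowed(IEnumerable<string> userRoles, string permission) =>
        userRoles.Any(r => _rolePermissions.TryGetValue(r, out var set) && set.Contains(permission));

    // Call this in the server-side handler of each action; hiding a button is not a check.
    public void Demand(IEnumerable<string> userRoles, string permission)
    {
        if (!IsAllowed(userRoles, permission))
            throw new UnauthorizedAccessException("Missing permission: " + permission);
    }
}

public static class Program
{
    public static void Main()
    {
        var policy = new RbacPolicy();
        policy.Grant("user", "contract:create");
        policy.Grant("checker", "contract:edit-review-fields", "contract:change-status");

        var alice = new[] { "user" };            // constructed sample user
        var bob = new[] { "user", "checker" };   // constructed sample user

        policy.Demand(alice, "contract:create");        // user role may create
        policy.Demand(bob, "contract:change-status");   // checker role may change status
        try { policy.Demand(alice, "contract:change-status"); } // alice is not a checker
        catch (UnauthorizedAccessException ex) { Console.WriteLine("Denied: " + ex.Message); }
    }
}
```

The user's role list can come from whatever role source the application already uses; only the role-to-permission mapping and the per-action `Demand` call are added on top.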