I'm comfortable with the ASP.NET security model whereby one can allow/deny access to users in the web.config based on what roles they are in, e.g.:

<system.web>
  <authorization>
    <allow roles = "Admin" />
  </authorization>
</system.web>

However, what I want to do is give the admin user a set of permissions which can then be checked, e.g. an Admin user with permissions like "can print documents", "can delete document".

Is this sort of thing possible out of the box or would I need to go down a custom route?

+1  A: 

It's not there out of the box; but if you wanted to be more granular, why not have granular roles like "CanPrint", "CanDelete" rather than wider ones like "Admin"?

If they want a container-type scenario as you indicate in your comments, you could set up a custom IPrincipal where, after authentication and with each new request, you look at the user's role membership ("Admin", "Public" etc.) and then override IsInRole on your IPrincipal. You can find an example here

blowdart
I thought of this but the system I'm working on will have a lot of users so the client is keen to be able to set up predefined groups (e.g. the roles) rather than having to set individual permissions for groups of users at a time.
AJM
+1  A: 

Yes it's possible. Create the roles you want, add the users to the roles, and then just check User.IsInRole in your code where you perform the action that requires that role.

Take a look at the Roles and Membership classes in System.Web.Security.

PQW
Yes, I am familiar with these. However, what I am wanting to do is for each role to have several permissions associated with that role.
AJM
+3  A: 

You can use Azman as described in this MSDN article.

But there are a number of things I don't like about Azman, so I rolled my own as a complement to the RoleProvider (additional tables, APIs and admin tools that manage the mapping of permissions to roles).

My custom implementation is very simple:

  • M-N relationship between roles and permissions.

  • An API "HasPermission" that tests if a given principal has a given permission. This simply iterates through all roles and checks if the role has the given permission. The mapping permission-roles is cached using the ASP.NET cache for performance reasons.

Joe
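
The HasPermission check described in the answer above, as an added C# example that is not Joe's own code. The role names, permission names and the in-memory dictionary (standing in for the cached role-to-permission tables) are constructed for illustration.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Principal;

public static class PermissionChecker
{
    // Constructed sample mapping (role -> permissions). In the answer's design this
    // comes from the extra role/permission tables and is held in the ASP.NET cache.
    private static readonly Dictionary<string, HashSet<string>> RolePermissions =
        new Dictionary<string, HashSet<string>>(StringComparer.OrdinalIgnoreCase)
        {
            { "Admin",  new HashSet<string>(StringComparer.OrdinalIgnoreCase) { "PrintDocument", "DeleteDocument" } },
            { "Public", new HashSet<string>(StringComparer.OrdinalIgnoreCase) { "PrintDocument" } }
        };

    // Default deny: null or unauthenticated principals and unknown permissions get false.
    public static bool HasPermission(IPrincipal principal, string permission)
    {
        if (principal == null || principal.Identity == null || !principal.Identity.IsAuthenticated)
            return false;
        if (string.IsNullOrEmpty(permission))
            return false;

        foreach (KeyValuePair<string, HashSet<string>> entry in RolePermissions)
        {
            // Role membership is still decided by the principal (the RoleProvider in ASP.NET).
            if (principal.IsInRole(entry.Key) && entry.Value.Contains(permission))
                return true;
        }
        return false;
    }
}

public static class Demo
{
    public static void Main()
    {
        // GenericIdentity with a non-empty name reports IsAuthenticated == true.
        IPrincipal admin = new GenericPrincipal(new GenericIdentity("alice"), new[] { "Admin" });
        IPrincipal guest = new GenericPrincipal(new GenericIdentity("bob"), new[] { "Public" });
        IPrincipal anonymous = new GenericPrincipal(new GenericIdentity(""), new string[0]);

        Console.WriteLine(PermissionChecker.HasPermission(admin, "DeleteDocument"));
        Console.WriteLine(PermissionChecker.HasPermission(guest, "DeleteDocument"));
        Console.WriteLine(PermissionChecker.HasPermission(guest, "PrintDocument"));
        Console.WriteLine(PermissionChecker.HasPermission(anonymous, "PrintDocument"));
    }
}
```

Calling the check at the point where the action is performed, rather than only hiding the UI element, keeps the permission enforced server-side.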
A: 

You could return PERMISSIONS instead of the ROLES in your RoleProvider.

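// Return the user's granted permissions in place of role names.
// GetGrantedPermissions is the poster's own helper (not shown).
public override string[] GetRolesForUser(string username) {
   return GetGrantedPermissions(username);
}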

Then create your admin pages to add {granted/denied} permissions to roles and of course users to roles.

dr