Re: Roles vs. Capability concept for the Role Managers in .NET?
- From: Dominick Baier <dbaier@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Thu, 31 May 2007 15:07:48 +0000 (UTC)
thats right.
If you want something more sophisticated - have a look at Microsoft Authorization Manager.
-----
Dominick Baier (http://www.leastprivilege.com)
Developing More Secure Microsoft ASP.NET 2.0 Applications (http://www.microsoft.com/mspress/books/9989.asp)
Hello
I'm looking at using the Role Manager features in .NET 2.0 and am a
little confused. The concept of a role that I'm used to is that a
role is composed of capabilities. For example, the System
Administrator role has access to the "Create User" capability and the
"Create Role" capability. I can then put more than one user in the
System Administrator role.
From what I'm reading about the roles defined in .NET is that a role
is really a capability and user's are granted access to that role, so
you don't really create a "role" with capabilities and then put users
in that role. It seems like you have to associate roles with each
user and you really don't have the concept of the capabilities being
grouped in a role.
I'm I missing something here?
Thanks in advance,
Vince
.
- Prev by Date: Re: SqlPersonalizationProvider source code
- Previous by thread: Re: SqlPersonalizationProvider source code
- Index(es):
