Custom Security question

From: Brett (brettwinters_at_NOSPAMhotmail.com)
Date: 10/31/03


Date: Fri, 31 Oct 2003 01:46:22 -0800

Cole,

This is exactly the approach that I have taken. The
problem with roles (only) is that they need to be defined
in advance and hardcoded into the application. The benefit
with having an intermediate permissions list is that you
can define intrinsic permissions for a part of your
application like ("CanDelete", "CanUpdate", etc - perhaps
even "Company = 2") and then assign roles to various
combinations of permissions at the application settings
level. There is a Java (shock horror!) example at
(http://developer.java.sun.com/developer/Books/ejbtechnology/ch14.pdf)
on page 21, but you lose the ability to
User.IsInRole("Admin")

In the end I decided to create a custom IPrincipal with a
shadow Permission list (a copy of the Role list) so you
get MyPrinciple.HasPermission("CanDelete") - of course
you lose declarative security...

Another way is to think "permission" when you work with
roles in IPrincipal and handle the assignment of roles to
permissions at an application settings level.

But all this is not very elegant, so I would be interested
if someone has a better solution perhaps along the Java or
Microsoft code access security line. I heard that a
security application block was in the works?

Let me know how you get on...

Regards

Brett

>-----Original Message-----
>Hi all,
>
>I am wanting to implement a custom security solution for my app, but am not
>quite sure how to implement it. Basically, I will have database tables
>which will store Users, Roles, and Permissions.
>A user can be in multiple Roles and each Role has Permissions associated
>with it. I understand the Identity and Principal classes, but am quite
>confused when it comes to Permission. I don't want Code Access Security, I
>simply want to be able to check if a user has a certain permission based on
>the Roles they are associated with. Is there a way I can do this by
>implementing IPermission, or do I just need to skip IPermission altogether??
>
>Thanks,
>Cole Shelton
>Interworks, Inc
>
>
>.
>
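
The approach discussed in this thread, a custom IPrincipal that keeps IsInRole and adds a permission check resolved from a role-to-permission map, sketched as an added example that is not code from either poster. The class name PermissionPrincipal, the map contents and the user name are constructed for illustration, and it is written in current C# rather than the .NET 1.1 of the thread.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Principal;

// Hypothetical class: wraps an IIdentity and resolves its roles to permissions.
public sealed class PermissionPrincipal : IPrincipal
{
    private readonly HashSet<string> _roles;
    private readonly HashSet<string> _permissions;
    public IIdentity Identity { get; }

    // rolePermissions is the role -> permissions map that would be loaded from
    // application settings or from the Roles/Permissions tables.
    public PermissionPrincipal(IIdentity identity, IEnumerable<string> roles,
        IReadOnlyDictionary<string, string[]> rolePermissions)
    {
        Identity = identity ?? throw new ArgumentNullException(nameof(identity));
        _roles = new HashSet<string>(roles, StringComparer.OrdinalIgnoreCase);
        _permissions = new HashSet<string>(StringComparer.OrdinalIgnoreCase);
        foreach (string role in _roles)
        {
            // A role with no entry in the map grants nothing (deny by default).
            if (rolePermissions.TryGetValue(role, out string[] granted))
                _permissions.UnionWith(granted);
        }
    }

    public bool IsInRole(string role) => role != null && _roles.Contains(role);

    // Unauthenticated identities never hold a permission, whatever their roles.
    public bool HasPermission(string permission) =>
        Identity.IsAuthenticated && permission != null && _permissions.Contains(permission);
}

public static class Demo
{
    public static void Main()
    {
        // Constructed sample data standing in for the settings / database rows.
        var map = new Dictionary<string, string[]>
        {
            ["Admin"] = new[] { "CanDelete", "CanUpdate" },
            ["Editor"] = new[] { "CanUpdate" },
        };
        var user = new PermissionPrincipal(new GenericIdentity("cole"), new[] { "Editor" }, map);

        Console.WriteLine(user.IsInRole("Editor"));
        Console.WriteLine(user.HasPermission("CanUpdate"));
        Console.WriteLine(user.HasPermission("CanDelete"));
    }
}
```

Callers reach HasPermission by casting the current principal to the custom type; declarative PrincipalPermission checks go through IsInRole and so see only the roles, not the permission list.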


