Re: Manually set custom permissions based on User

From: Angelos Karantzalis (akarantzalis_at_yahoo.com)
Date: 11/03/04


Date: Wed, 3 Nov 2004 10:38:57 +0200

Thanks for the reply Joe,

ideally, I wouldn't like my classes to know beforehand which roles can use
them. That's just not flexible enough for my needs, not reusable at all.
That's why I wanted to avoid the PrincipalPermission & the IsInRole method,
I need to define the code access policy per user role outside my source code :?

I've been asking around & reading through MSDN for about 2 weeks now, but it
seems that there is no framework standard way to assign permissions to roles
using a CAS-like policy file - which is unfortunate in my opinion, Java
seems to be far ahead in this area ... :?

Anyhow, it seems that I'll have to write the code to do all that myself :]

Cheers,
Angel
O:]

"Joe Kaplan (MVP - ADSI)" <joseph.e.kaplan@removethis.accenture.com> wrote
in message news:eL2apJQwEHA.1524@TK2MSFTNGP09.phx.gbl...
> It sounds like you want to do role-based security and create a custom
> IPrincipal implementation so that you can segment users into various roles
> and authorize based on that. CAS is generally for deciding what the code is
> allowed to (based on policy), regardless of the user who is executing it.
>
> There is a permission you can demand called PrincipalPermission that can be
> used for this if you want to use the CAS-like Demand syntax, but you can
> also just call the IsInRole method on the custom IPrincipal to do the same
> thing.
>
> Many of the forms authentication samples show how to create custom
> IPrincipal classes that contain various roles.
>
> Joe K.
>
> "Angelos Karantzalis" <akarantzalis@yahoo.com> wrote in message
> news:%23Jb1FvPwEHA.2728@TK2MSFTNGP12.phx.gbl...
> > Suppose I have a piece of code that performs a "severe" calculation, ok?
> > Let's call it Calculator.
> > Some users [or better say "roles"] on my system should be able to use that
> > code, others should not. The permission required to call the Calculator is a
> > CalculatorPermission ...
> >
> > How do I tell the system that a certain role can have the
> > CalculatorPermission, so that inside the Calculator code I can do a new
> > CalculatorPermission.Demand() ???
> >
> > Cheers,
> > Angel
> > O:]
> >
> >
> > "Nicole Calinoiu" <calinoiu REMOVETHIS AT gmail DOT com> wrote in message
> > news:OKRyPGPwEHA.1524@TK2MSFTNGP09.phx.gbl...
> >> This is not a great idea. Verification of CAS permissions can be disabled
> >> by design, while verification of user permissions cannot. Since what you
> >> really want is user-focused permissions, stick with that instead of adding
> >> CAS into the mix.
> >>
> >> It's also more than a little odd to have the set of permissions that needs
> >> to be requested vary depending on the active user. Normally, the required
> >> permission set remains static, and any given user either has the necessary
> >> permissions or not. Perhaps if you could give a more concrete example of
> >> how this might be used, it might be easier for someone to suggest an
> >> appropriate approach.
> >>
> >>
> >>
> >>
> >> "Angelos Karantzalis" <akarantzalis@yahoo.com> wrote in message
> >> news:u6lhF9OwEHA.3768@TK2MSFTNGP10.phx.gbl...
> >> > Hi, I need to set custom permissions based on the currently logged-on user,
> >> > but I'm having some real trouble with this ...
> >> >
> >> > I can set the current user on my web app, after I authenticate using my own
> >> > user database.
> >> > I have created a dummy custom permission.
> >> >
> >> > My problem is that I don't know any way I can assign permissions to users,
> >> > either declaratively (i.e. using an Xml file) or programmatically (through
> >> > the .NET API), and have the system do the necessary checks when I call
> >> > .Demand() on my custom permission.
> >> >
> >> > Is there a "framework" way, or should I look into creating my own little
> >> > authorization mechanism?
> >> >
> >> > Cheers,
> >> > Angel
> >> > O:]
> >> >
> >> >
> >>
> >>
> >
> >
>
>
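
One way to keep the role-to-permission mapping outside the classes that demand a permission, as discussed in this thread. This is an added example, not code from any of the posters: the RolePolicy class and the XML policy format are hypothetical, the policy is embedded as a string where a real application would load a file, and GenericPrincipal stands in for a custom IPrincipal.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Security;
using System.Security.Principal;
using System.Threading;
using System.Xml.Linq;

// Hypothetical policy format (constructed for this example): role -> permission names.
static class RolePolicy
{
    const string SampleXml = @"<policy>
      <role name='Analyst'><permission name='CalculatorPermission'/></role>
      <role name='Guest'/>
    </policy>";

    static readonly Dictionary<string, HashSet<string>> Grants =
        XDocument.Parse(SampleXml).Root.Elements("role").ToDictionary(
            r => (string)r.Attribute("name"),
            r => new HashSet<string>(r.Elements("permission").Select(p => (string)p.Attribute("name"))));

    // Fails closed: no principal, unauthenticated identity, or no granting role => SecurityException.
    public static void Demand(string permission)
    {
        IPrincipal user = Thread.CurrentPrincipal;
        bool granted = user != null && user.Identity != null && user.Identity.IsAuthenticated
            && Grants.Any(g => g.Value.Contains(permission) && user.IsInRole(g.Key));
        if (!granted)
            throw new SecurityException("Demand failed for " + permission);
    }
}

class Calculator
{
    // The class names only the permission it needs, never the roles that hold it.
    public int Calculate(int x) { RolePolicy.Demand("CalculatorPermission"); return x * x; }
}

static class Program
{
    static void Main()
    {
        // Constructed sample users: one role that the policy grants, one that it does not.
        foreach (string role in new[] { "Analyst", "Guest" })
        {
            Thread.CurrentPrincipal = new GenericPrincipal(new GenericIdentity("angel"), new[] { role });
            try { Console.WriteLine(role + ": " + new Calculator().Calculate(7)); }
            catch (SecurityException e) { Console.WriteLine(role + ": " + e.Message); }
        }
    }
}
```

The check runs against the thread's principal rather than through CAS policy, so it is unaffected by CAS verification being switched off.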


