Re: Role based security
- From: Dominick Baier <dbaier@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Mon, 27 Aug 2007 05:30:41 +0000 (UTC)
You can create local Windows Groups, e.g. Manager and map the domain application groups to that local group. This way you wouldn't have to specifiy the domain in IsInRole - if the group is local you can omit the MACHINE\ part in the name.
-----
Dominick Baier (http://www.leastprivilege.com)
Developing More Secure Microsoft ASP.NET 2.0 Applications (http://www.microsoft.com/mspress/books/9989.asp)
Can some one help me.
I'm trying to build framework in .net which uses role based security.
I want to be able to defined the roles in the web config e.g Manager,
PowerUser, Guest, AnonUser
I want to be able to map NT application groups to those roles in the
web config so that in my code I can say
If Iam.Inrole("Manager") then
rather than
If Iam.Inrole("DomainName\AG_ManagersForthisApplicaiton")
the first is much simpler to use and more intuitive. I'd like to be
able to allocate the NT domain groups in the web config against the
role so that they can be changed without a recompile.
I'd also like to use this method so that if anonymous users conect
through a fire wall I can assign them a least priveldge NT identity
which I can then give the AnonUser role to.
In this way I can authorize the same way throughout the entire
application
e.g.
If Iam.Inrole("manager") then
dosomehting()
elseif Iam.Inrole("AnonUser") then
dosomethingelse()
Can any one tell me where I can find some information on how to do
this. It's seems very simple but can't find any examples of it being
used anywhere
Erick
.
- Follow-Ups:
- Re: Role based security
- From: Joe Kaplan
- Re: Role based security
- References:
- Role based security
- From: Erick
- Role based security
- Prev by Date: Role based security
- Next by Date: Re: Role based security
- Previous by thread: Role based security
- Next by thread: Re: Role based security
- Index(es):
Relevant Pages
|
|
