
How to design a system to filter requests on roles?

开发者 https://www.devze.com 2022-12-14 12:07 Source: web

I have a requirement to design a WCF Service based system to filter requests on roles in C#

Rules
    User can access X
    SuperUser can access Y
    Admin can access Z

Database
    Resource AccessControl
    X        User,SuperUser,Admin
    Y        Admin
    Z        Admin

How do I create a system where I can transform these access controls into something like a hash or a calculated mathematical value so that I don't have to do multiple checks like

if (user == RequestUser.Role.User || user == RequestUser.Role.Admin)
{}

Instead do something like this

    Resource AccessControl            someCalculatedHashValue
    X        User,SuperUser,Admin     ????
    Y        Admin                    ????
    Z        Admin                    ????

if(user >= someCalculatedHashValue){}

Note: there could be one to many relationships


Can't you use a Bit Vector for your roles (i.e. a Flags enumeration)?

That way you can simply add up the bits as your "hash".
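
The bit-vector approach suggested above, worked through for the question's table, as an added example that is not part of the original answers. The names `AccessControl`, `AddRule` and `IsAllowed` are hypothetical, and the caller's roles are assumed to come from the authenticated identity on the server, not from the request body.

```csharp
using System;
using System.Collections.Generic;

// One bit per role, so any set of roles fits in a single integer.
[Flags]
public enum Role { None = 0, User = 1, SuperUser = 2, Admin = 4 }

public static class AccessControl   // hypothetical helper, not a WCF type
{
    // resource -> allowed-role mask; the mask is the "calculated value" per row.
    private static readonly Dictionary<string, Role> Acl =
        new Dictionary<string, Role>(StringComparer.Ordinal);

    // Loads one row of the Database table, e.g. ("X", "User,SuperUser,Admin").
    // Enum.TryParse accepts the comma-separated form for [Flags] enums.
    public static void AddRule(string resource, string roleList)
    {
        Role mask;
        if (resource == null || !Enum.TryParse(roleList, out mask) || mask == Role.None)
            throw new ArgumentException("Unrecognised rule: " + resource + " / " + roleList);
        Acl[resource] = mask;
    }

    // One bitwise AND replaces the chain of per-role comparisons.
    // Resources with no rule are denied, so a missing row never grants access.
    public static bool IsAllowed(Role callerRoles, string resource)
    {
        Role allowed;
        if (resource == null || !Acl.TryGetValue(resource, out allowed))
            return false;
        return (callerRoles & allowed) != Role.None;
    }
}

public static class Program
{
    public static void Main()
    {
        // Rows constructed from the question's Database table.
        AccessControl.AddRule("X", "User,SuperUser,Admin");
        AccessControl.AddRule("Y", "Admin");
        AccessControl.AddRule("Z", "Admin");

        Console.WriteLine(AccessControl.IsAllowed(Role.User, "X"));
        Console.WriteLine(AccessControl.IsAllowed(Role.SuperUser, "Y"));
        Console.WriteLine(AccessControl.IsAllowed(Role.User | Role.Admin, "Z"));
        Console.WriteLine(AccessControl.IsAllowed(Role.Admin, "NoSuchResource"));
    }
}
```

Because the check is set intersection and not an ordering, it still holds when roles are not strictly hierarchical and when one user carries several roles.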


You failed to provide details about the system. Depending on the technology used there are already proven and well-known techniques to manage just that (WCF for example gives you this for "free").

The samples are probably not complete either, because the way you presented it

User, SuperUser, Admin
Admin
Admin

this could be handled with a simple enum and an int comparison and an enumeration like this:

public enum Role {
  Anonymous,
  User,
  SuperUser,
  Admin
}

if (user >= (int)Role.User) ...

But that's probably far too simple and doesn't cover your real need? In short: Can you elaborate?


You could create a custom implementation of IPrincipal that implements IsInRole by wrapping the ranking logic you describe.


Now that I look closer at your question, it sounds awfully much like ACL-based security, and not role-based security at all. You may want to take a look at this instead.
