
Module Based Security

Developer https://www.devze.com 2022-12-18 06:02 Source: Internet

I am trying to create an application that is based on module level security. The idea is we would have a user login, grab their roles, grab the pages those roles have access to, then in those pages grab the modules they have access to, then the functions inside the modules they have access to (list, create, edit, delete). That way in an admin screen someone could allow or deny modules and module functions to groups.

Has anyone seen any sample projects like this or have ANY clue on how to implement this? I would really like to try this on an n-layer architecture.


Create your site with a basic membership system. Group your pages into folders and have Web.Config files in each to control access. This is all out-of-the-box functionality for the most part. The only custom code you would have to write is when creating an admin form.

As for the fine grain access, if they can't access the pages, they can't access their methods...

http://msdn.microsoft.com/en-us/library/yh26yfzy.aspx

UPDATE:

if User.IsInRole("Administrator")...

https://web.archive.org/web/20181010194753/http://www.4guysfromrolla.com:80/articles/082703-1.2.aspx

On the same page, in the code-behind, you can check their roles programmatically and display/enable panels/modules accordingly :-)


I would use a base class for your pages to accomplish the effect you describe. In your base class you can add all of the available methods you will need, but provide an authorization method within the base class that allows methods to identify themselves based on the roles they're allowed to have. All of this could be configured with the web.config if you plan it down. A lot of times the "folder" based method for SQL membership just isn't robust enough.

I suppose as an example, you could build your own (or find one in the System.Security namespace) security enumeration to define access levels and then map access levels from your groups in AD (or wherever) to the enumerations. The methods could then use the security enumeration against your user object to determine if the user's access allows the function.
