开发者

Role Based Access Control (RBAC) - .Net Component [closed]

Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.

We don’t allow questions seeking recommendations for books, tools, software libraries, and more. You can edit the question so it can be answered with facts and citations.

Closed 5 years ago.

Improve this question

In my job we are trying to consolidate the Authentication of the application farm with Windows Identity Fundation (WIF) or some custom component based in Membership Provider.

With this, we need to provide the developers (and final users) some component that can help us with the logic of managment view开发者_StackOverflow中文版s by Role (RBAC - Role Based Access Control). I couldn't find anything.

That's the idea: A user 'admin' can view 'Home' and 'Administration' pages. Well, like a developer, i don't want to write code to do this profiling. To do this, i expect to work with a component, that encapsulates this complexity. The same idea to manage events, or actions in the application

Do you know something like that? Something like Role Provider, but like a generic component, that can help me ( like the profiling in Moodle, or Joomla).

Just for the record, english isn't my navite language, and i'm still learning it.


To answer your question, yes, there are few .net components available which allows any .net applications to apply RBAC.

RBAC - Role based access control system is a method of restricting access to 'some sources or applications or some features of applications' based on the roles of users of organization. Here, restrictions can be by means of multiple permissions, those are created by administrator to restrict access, and these permissions collectively represents a role, which will be assigned to user.

And if we go slight deeper in RBAC, it basically contains 3 features. 1) Authentication - It confirms the user's identity. Usually it is done via user accounts and passwords or credentials. 2) Authorization - It defines what user can do and cannot do in an application. Ex. ‘Modifying order’ is allowed but ‘creating new order’ is not allowed. 3) Auditing of user actions on applications. - It keeps track of user's actions on applications, as well as who has granted which access to which users?

This was very basic top view picture of RBAC system.

ASP.Net Membership Component is one of the way to implement RBAC, You can also write your own system with basic functionalities.

There are some nice and helpful articles which shows brief information and implementation of RBAC.

http://www.visual-guard.com/EN/net-powerbuilder-application-security-authentication-permission-access-control-rbac-articles/dotnet-security-article-ressources/role-based-access-control.html

http://www.codeproject.com/Articles/875547/Custom-Roles-Based-Access-Control-RBAC-in-ASP-NET

I also recommend few ready to use components VisualGuard (@which I work) and also MemberProtect.


I wrote my own component for exactly this problem. You can interface to Windows directories and such, but in the past I did not want to manage an application's users through Windows AD, so I write my own role and privilege based subsystem for my applications.

It is not much work to do, and for me it was very worth it because I put into it exactly what I needed and no more.


I wrote mine using Postsharp, just by adding attributes to the methos which you need access control.

0

上一篇:

下一篇:

精彩评论

暂无评论...
验证码 换一张
取 消

最新问答

问答排行榜