How to obtain fine-grained Authorization with .NET

I want to obtain 开发者_运维技巧an authorization similar to MSCRM:

In this rappresentation we see:

• Entity (Marketing List, Campaign)
• Allowed Operation (Create, Read, Write, Delete, Append, Append To, Assign, Share)
• Scope (User, Business Unit, Parent, Organization)

I have 2 Entities + 8 Allowed Operations + 4 Scopes.

I want to represent the same situation in a .NET Application. The only way I see to obtain this is to create all the groups needed to express the various combinations. In the example I need 2*8*4 = 64 groups handled in my code using methods in RoleProvider.

It seems a little bit strange for me. I'm missing some security concepts or creating 64 groups is the only way to express this level of configurability?

Thanks

Short answer: yes you have to have 64 things to indicate their permissions, 64 groups no.

We use a similar model in an application that my company develops, but we have something like this.

User Permission Levels

• Level 1
• Level 2
• Level 3
• Level 4

App Domains (Different Chunks where people may need different permissions)

• Domain 1
• Domain 2
• Domain 3
• Domain 4

Then in the admin section a user gets assigned permissions as follow:

        Domain 1    Domain 2   Domain 3   Domain 4
User A   Level 1    Level 4    Level 3     Level 3

Then in the app we say

Domain 1 Security Code

If currentUser.Islevel1 Then
  YouCanDoIT();
Else
  WhyYouHereBro();
End

Basically you assign the user a permission level for a domain and have the Security permission check only the level for that domain. Let me know if you need actual implementation details.