Have you taken a look at AzMan (Authorization Manager)? It's meant for
precisely this sort of fine-grained control over user permissions. For an
introduction to AzMan, see
http://www.microsoft.com/technet/pro.../athmanwp.mspx.
For some basic details on how to use it, you might want to take a look at
http://msdn.microsoft.com/library/en...AGHT000019.asp -- even
though it's got a bit of content that's specific to ASP.NET 2.0, most of the
document is actually applicable to any use of AzMan.
"JCauble" <(E-Mail Removed)> wrote in message
news:2554A1CC-EAF2-4606-ABC8-(E-Mail Removed)...
> I am in need of adding security to my application and was wondering what
> could help. I am already familiar with the Identity, Principal, and
> PrincipalPermission objects. Outlined below is what I am looking to try and
> implement.
>
> I need to have Roles and Rights that I assign to a user (in a custom
> security application db).
>
> Example:
>
> User   Role       Rights
> Bob    DataItem   View, Read, Write, Create (Full Control)
> John   DataItem   View
>
> In our code we would do something like this:
>
> if (User.IsInRole("DataItem"))
> {
>     // do something...
> }
>
> However what I need to be able to do is also something like the following:
>
> if (User.IsInRole("DataItem") && User.HasPermission("Write"))
> {
>     // Show the save button
> }
> else
> {
>     // Don't show save button..
> }
>
> This is just a very small example... We are in the process of building a
> large application with several thousand users and we have multiple levels
> and types of security needed. To help keep the number of roles down to a
> minimum we want to couple it with Rights (or permissions) similar to how
> most network security works.
>
> We could probably just extend the Principal object to handle this but I
> want to fish for other options as well if anybody has run into any. Since
> there are tons of objects in the framework there may already be something
> I can inherit from or use that does this. I just have not been able to
> find it.
>
> Any help, comments, ideas would be appreciated. It can be in either 1.1 or
> 2.0, doesn't matter...
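
One way to implement the role-plus-right check asked about in the quoted question, as an added example that is not code from either poster and does not use AzMan: `RightsPrincipal`, its `HasPermission` method and the sample grants are hypothetical, and the syntax is current C# rather than the 1.1/2.0 of the thread. Unlike the one-argument `User.HasPermission("Write")` in the question, the right is looked up inside a named role, so a grant in one role never carries over to another.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Principal;

// Hypothetical principal: rights are granted per role, as loaded from the custom security DB.
public sealed class RightsPrincipal : IPrincipal
{
    private readonly Dictionary<string, HashSet<string>> _rightsByRole;

    public RightsPrincipal(IIdentity identity, Dictionary<string, HashSet<string>> rightsByRole)
    {
        Identity = identity ?? throw new ArgumentNullException(nameof(identity));
        // Defensive copy so the caller cannot widen the grants after construction.
        _rightsByRole = new Dictionary<string, HashSet<string>>(StringComparer.OrdinalIgnoreCase);
        foreach (var pair in rightsByRole)
            _rightsByRole[pair.Key] = new HashSet<string>(pair.Value, StringComparer.OrdinalIgnoreCase);
    }

    public IIdentity Identity { get; }

    // Keeps existing IsInRole and PrincipalPermission checks working unchanged.
    public bool IsInRole(string role) => role != null && _rightsByRole.ContainsKey(role);

    // Deny by default: unauthenticated user, unknown role or unknown right all return false.
    public bool HasPermission(string role, string right) =>
        Identity.IsAuthenticated && role != null && right != null
        && _rightsByRole.TryGetValue(role, out var rights) && rights.Contains(right);
}

public static class Demo
{
    public static void Main()
    {
        // Constructed sample grants matching the table in the question.
        var bob = new RightsPrincipal(new GenericIdentity("Bob"),
            new Dictionary<string, HashSet<string>> {
                ["DataItem"] = new HashSet<string> { "View", "Read", "Write", "Create" } });
        var john = new RightsPrincipal(new GenericIdentity("John"),
            new Dictionary<string, HashSet<string>> {
                ["DataItem"] = new HashSet<string> { "View" } });

        // The same check must guard the save operation itself, not only the button's visibility.
        Console.WriteLine(bob.HasPermission("DataItem", "Write"));
        Console.WriteLine(john.HasPermission("DataItem", "Write"));
        Console.WriteLine(john.HasPermission("Reports", "View"));
    }
}
```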