Question

What is the best way to implement security using Active Directory roles on an ASP.NET Dynamic Data site?

I would like to restrict certain views (and the related links) to certain roles, i.e. user A can only view list actions for table x and user B can only view list actions for table y.

Solution

I have a number of articles on this on my blog here A DynamicData Attribute Based Permission Solution using User Roles and here DynamicData: Database Based Permissions - Part 1 and I would also have a look at Securing Dynamic Data sample on codeplex which uses a Route Handler.

OTHER TIPS

I have done this in many applications.

Have Windows Authentication enabled for your application.

Make some object that can store user credentials and have that object stored in the session for quick retrieval. If it is not there you can quickly rebuild it. I usually have each role set to a bit, e.g.:

// Mark the enum as a bit field so each role occupies one bit and can be combined
[Flags]
enum USER_ROLE : int
{
  Role1 = 1,
  Role2 = 2,
  Role3 = 4,
  Role4 = 8
  // further roles continue as powers of two
}

// OR each role bit in (|=) rather than adding it, so a repeated check cannot set the same role twice
if (Context.User.IsInRole("Roll1Name")) YourUserObject.Roles |= USER_ROLE.Role1;
if (Context.User.IsInRole("Roll2Name")) YourUserObject.Roles |= USER_ROLE.Role2;
// ... one line per role

Then anytime a control needs to be secured, I pass it into a function that takes an HtmlControl and a property based on the user's role and the security requirement for that control.

E.g. bool SetControlSecurity(HtmlControl ctrl, int iUserRoles, int iControlRoles, ACTION eAction)

So an example for doing a panel might be:

SetControlSecurity(pnlUserInfo, (int)YourUserObject.Roles, (int)USER_ROLE.Role2, ACTION.Hide);

I usually also have it take in a param to the type of action to perform on fail of security like hide, readonly, clear data, etc...

Comparing the role in the function is easy:

// True if the user holds at least one of the role bits required by the control
bool bHasAccess = ((iUserRoles & iControlRoles) > 0);
if (bHasAccess)
{
  // leave the control or make sure it is visible etc
}
else
{
  // take action to secure the control based on the action
}

Hope that helps.
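The bit-per-role scheme from this answer, written out as an added example (my code, not the poster's): a [Flags] enum filled from IPrincipal.IsInRole using hypothetical AD group names, the any-of mask check, and a SetControlSecurity that hides or disables a System.Web.UI control when the check fails.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Principal;
using System.Web.UI;
using System.Web.UI.HtmlControls;
using System.Web.UI.WebControls;

// One bit per AD group, so a user's memberships fit in one value cached in Session.
[Flags]
public enum UserRole { None = 0, Viewer = 1, Editor = 2, Approver = 4, Admin = 8 }
public enum SecurityAction { Hide, ReadOnly }
public static class RoleSecurity
{
    // Group names are placeholders (assumption); each maps to exactly one bit.
    private static readonly Dictionary<string, UserRole> GroupMap =
        new Dictionary<string, UserRole>
        {
            { @"DOMAIN\App-Viewers",   UserRole.Viewer },
            { @"DOMAIN\App-Editors",   UserRole.Editor },
            { @"DOMAIN\App-Approvers", UserRole.Approver },
            { @"DOMAIN\App-Admins",    UserRole.Admin }
        };
    // |= cannot double-count a role the way += would; a null principal gets no roles.
    public static UserRole BuildRoles(IPrincipal user)
    {
        var roles = UserRole.None;
        if (user == null) return roles;
        foreach (var entry in GroupMap)
            if (user.IsInRole(entry.Key)) roles |= entry.Value;
        return roles;
    }
    // Any-of check as in the answer; required == None never matches, so an
    // unconfigured control is denied rather than shown.
    public static bool HasAnyRole(UserRole userRoles, UserRole required)
        => (userRoles & required) != UserRole.None;
    // Leaves the control alone and returns true on success; otherwise applies
    // the fail action and returns false.
    public static bool SetControlSecurity(Control ctrl, UserRole userRoles,
                                          UserRole required, SecurityAction action)
    {
        if (HasAnyRole(userRoles, required)) return true;
        var web = ctrl as WebControl;
        var html = ctrl as HtmlControl;
        if (action == SecurityAction.ReadOnly && web != null) web.Enabled = false;
        else if (action == SecurityAction.ReadOnly && html != null) html.Disabled = true;
        else ctrl.Visible = false; // Hide, or fall back to hiding when it cannot be disabled
        return false;
    }
}
```

Call BuildRoles(Context.User) once and keep the result in Session, then pass it to SetControlSecurity from the Page_Load of each Dynamic Data page template. To require every listed role instead of any one, compare (userRoles & required) == required.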

You can just use the ASP.NET Active Directory Membership & Role providers to authenticate / authorize the users to the application. Then you can call the Roles.IsUserInRole wherever you want to check for the AD role membership to check users are a part of the relevant group(s) before rendering the contents.

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow