PrincipalPermission - roles seperate from permissions

Posted by Leblanc Meneses on Stack Overflow See other posts from Stack Overflow or by Leblanc Meneses
Published on 2010-05-03T18:11:40Z Indexed on 2010/05/03 18:18 UTC
Read the original article Hit count: 347

Filed under:
|
|

I've been using PrincipalPermission for a while in wcf services. [PrincipalPermission(SecurityAction.Demand, Role = SecurityRoles.CanManageUsers)]

although now i have a requirement to simplify roles by business unit. - currently aspnet_roles has fine grained can* permissions.

Here is my approach and wanted to see if anyone can provide feedback, code review before i implement my suggestion.

1) aspnet_roles - business unit role

2) create permission table and Role_Permission table and User_Permission table (many to many)

3) create custom CodeAccessSecurityAttribute + that looks at new tables [CustomPermissionCheck(Security.Demand, HasPermission="can*")] first iteration i'll statically new the dependent repository.. ideally i would like an aop style attribute that has repository injected IPermissionRepository.HasPermission(...);

If i approach new aop way i probably will stop inheriting from CodeAccessSecurityAttribute -- what do the security guys have to say about this?

has anyone else solved this, is there something in the framework that i've missed?

© Stack Overflow or respective owner

Related posts about c#

Related posts about principalpermission