PrincipalPermission - roles seperate from permissions
Posted
by Leblanc Meneses
on Stack Overflow
See other posts from Stack Overflow
or by Leblanc Meneses
Published on 2010-05-03T18:11:40Z
Indexed on
2010/05/03
18:18 UTC
Read the original article
Hit count: 347
I've been using PrincipalPermission for a while in wcf services. [PrincipalPermission(SecurityAction.Demand, Role = SecurityRoles.CanManageUsers)]
although now i have a requirement to simplify roles by business unit. - currently aspnet_roles has fine grained can* permissions.
Here is my approach and wanted to see if anyone can provide feedback, code review before i implement my suggestion.
1) aspnet_roles - business unit role
2) create permission table and Role_Permission table and User_Permission table (many to many)
3) create custom CodeAccessSecurityAttribute + that looks at new tables [CustomPermissionCheck(Security.Demand, HasPermission="can*")] first iteration i'll statically new the dependent repository.. ideally i would like an aop style attribute that has repository injected IPermissionRepository.HasPermission(...);
If i approach new aop way i probably will stop inheriting from CodeAccessSecurityAttribute -- what do the security guys have to say about this?
has anyone else solved this, is there something in the framework that i've missed?
© Stack Overflow or respective owner