All geek questions in one place

Finding an authorization structure for use in an ASP.NET MVC project

I have an asp.net mvc project and persistent is being processed by repositories. Form authentication is used. Now I need to perform authorization. For example, I need the user manager to only be able to open his tasks and assign employees to tasks. The employee will see only the tasks that were assigned to him. A super moderator can edit everything. Are there any frameworks ready to use that allow me to define permissions?

I am involved in the safety assessment of Ayende Rhino. Where can I get more sample codes? How do you feel about Rhino security? My project uses Linq for SQL and did not use NHibernate. Can Rhino Security work without NHibernate?

+4
source share
3 answers

I'm afraid Rhino Security depends on Nhibernate to work.
I have been evaluating Rhino Security for several months, and in the end I decided to use it because it is a really really good product.
You can find useful information about the Ayende blog or here . I stumbled a bit to integrate it with StructureMap (instead of Castle Windsor). Here you can find information.
To do what you are trying to achieve, you need to define a class that implements the IEntityInformationExtractor interface.

First of all, you should add the following links (I recompiled Rhino Security with NH 3.0):

  • Microsoft.Practices.ServiceLocation
  • NHibernate
  • NHibernate.ByteCode.Castle
  • Structuremap
  • Rhino.Security
  • StructureMapAdapter

Then you define the bootloader:

public static class Bootstrapper { public static void Initialize() { ObjectFactory.Initialize(cfg => { cfg.UseDefaultStructureMapConfigFile = false; cfg.IgnoreStructureMapConfig = true; cfg.AddRegistry<StructureMapRegistry>(); }); ServiceLocator.SetLocatorProvider(() => new StructureMapServiceLocator(ObjectFactory.Container)); } }

Then you define the StructureMap registry class:

 public class StructureMapRegistry : Registry { public StructureMapRegistry() { string ConnDb = "Data Source=(local); Initial Catalog=RhinoSecurity_Test; Trusted_Connection=true;"; For<ISessionFactory>() .Singleton() .TheDefault.Is.ConstructedBy(() => new NHSessionFactory(ConnDb, false).SessionFactory); For<ISession>() .Singleton() .TheDefault.Is.ConstructedBy(x => x.GetInstance<ISessionFactory>().OpenSession()); For<IAuthorizationRepository>() .Use<AuthorizationRepository>(); For<IPermissionsService>() .Use<PermissionsService>(); For<IAuthorizationService>() .Use<AuthorizationService>(); For<IPermissionsBuilderService>() .Use<PermissionsBuilderService>(); For<IEntityInformationExtractor<Model.Task>>() .Use(p => { return (new TaskInfromationExtractor(p.GetInstance<ISession>())); }); } }

NHSessionFactory basically create an NH factory session.

I created a class ( TaskInfromationExtractor ) that implements IEntityInformationExtractor. This will allow you to define permissions for the task object. Now your application is ready. You just need to create a "bootstrap" structure structure:

  • Bootstrapper.Initialize ();

You will do this when your application starts. Now you can use the Rhino repository and security services to create users, groups, relationships, etc. As the links that I offer you. You can find the sample that I prepared here.

+5
source

I think asp.net mvc attributes would be good for such a task.

First you need to create a list of roles and somehow associate it with the user. Than you need to store user roles in the session after logging in. Then mark the controllers or actions with this attribute. In the attribute, you pass the roles to be performed. In the implementation of the attribute you just need to check if the user has some role, and then do nothing, otherwise redirect to an unauthorized page. Or throw some kind of custom exception and redirect to global.asax.

Mb check this article for sample code.

+1
source

See also this one. It is easy to use.

http://code.google.com/p/saf-framework/

+1
source

Source: https://habr.com/ru/post/1337390/

More articles:


All Articles