User-Configurable Security on an ASP.NET Multi-Tenant Website

We are building a website with several tenants in ASP.NET, and we must allow each client to customize their own security model. They should be able to define their own roles and put users in these roles. What is the best way to do this?

There are some simple examples of page_load events that have code:

  if (!user.InGroup("Admin"))
       Response.Redirect("/NoAccess.aspx");

But this hardcodes the groups and permissions in the code. How can I configure it as a user?

+3
2 answers

Perhaps put custom roles in a DB table where you store the roles and tenant, and then PagePermissions in another table, for example:

Table "Role"
RoleId, TenantId, Role

Table "PagePermissions"
PageId, RoleId

Table "UserRoles"
UserId, RoleId

, RoleId, , :

SELECT PageId
FROM UserRoles UR
INNER JOIN PagePermissions PP ON UR.RoleId = PP.RoleId
WHERE UR.UserId = @UserId AND PP.PageId = @PageId

, .

+4
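
An added example, not part of the original answer or of any project's code: the three tables from the answer above, with the permission query extended by a join on Role so the decision is also bound to the tenant the request belongs to. It uses SQLite through Python so it runs offline; the key constraints, sample rows, function names, and the assumption that PageId values are shared across tenants are constructed for illustration.

```python
import sqlite3

# Tables as named in the answer; the key constraints are an added assumption.
SCHEMA = """
CREATE TABLE Role (RoleId INTEGER PRIMARY KEY, TenantId INTEGER NOT NULL,
                   Role TEXT NOT NULL, UNIQUE (TenantId, Role));
CREATE TABLE PagePermissions (PageId INTEGER NOT NULL,
    RoleId INTEGER NOT NULL REFERENCES Role(RoleId), PRIMARY KEY (PageId, RoleId));
CREATE TABLE UserRoles (UserId INTEGER NOT NULL,
    RoleId INTEGER NOT NULL REFERENCES Role(RoleId), PRIMARY KEY (UserId, RoleId));
"""

# Constructed sample data: tenants 1 and 2 each define their own "Manager" role,
# and page 100 is an application page that both tenants use.
SAMPLE = """
INSERT INTO Role VALUES (1, 1, 'Manager'), (2, 2, 'Clerk'), (3, 2, 'Manager');
INSERT INTO PagePermissions VALUES (100, 1), (100, 3), (200, 2);
INSERT INTO UserRoles VALUES (10, 1), (20, 2);
"""

# The answer's join plus Role, so only roles owned by the requesting tenant count.
TENANT_SCOPED_CHECK = """
SELECT 1
FROM UserRoles UR
INNER JOIN PagePermissions PP ON UR.RoleId = PP.RoleId
INNER JOIN Role R ON R.RoleId = UR.RoleId
WHERE UR.UserId = :user_id AND PP.PageId = :page_id AND R.TenantId = :tenant_id
LIMIT 1
"""

def open_db():
    """Build the in-memory database with the constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA + SAMPLE)
    return db

def can_access(db, tenant_id, user_id, page_id):
    """Fail closed: True only if a role of this tenant grants the page to the user."""
    params = {"tenant_id": tenant_id, "user_id": user_id, "page_id": page_id}
    return db.execute(TENANT_SCOPED_CHECK, params).fetchone() is not None

if __name__ == "__main__":
    db = open_db()
    print(can_access(db, 1, 10, 100))  # user 10 is a tenant-1 Manager
    print(can_access(db, 2, 10, 100))  # same user, tenant-2 context
    print(can_access(db, 2, 20, 100))  # tenant-2 Clerk, page granted to Managers
```

The tenant id passed to the check is assumed to come from server-side state rather than from a value the user can edit in the request.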

-, . .

foreach (var group in ThisPageConfiguration.AcceptedRoleNames)
    if (user.IsInRole(group))
        ...

... , .

0

Source: https://habr.com/ru/post/1697981/

