How to implement role-based protection with dynamic data and Active Directory?

What is the best way to implement security using Active Directory roles on an ASP.NET Dynamic Data site?

I would like to limit certain views (and related links) to certain roles. That is, user A can only view list actions for table x, and user B can only view list actions for table y.

+3
3 answers

I have a number of articles about this, here: "Decision on permission based on DynamicData attributes using custom roles", and here: "DynamicData: database-based permissions - part 1", and I would also add to the Docking dynamic data in a code that uses route handler.

+1

I have done this in many applications.

You have Windows Authentication for your application.

Make some object that can store user credentials and have this object stored in the session for quick recovery. If it is not there, you can quickly rebuild it. I usually install several roles, for example:


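// Each role is a distinct bit so several roles fit in one value.
[Flags]
enum USER_ROLE : int
{
  Role1 = 1,
  Role2 = 2,
  Role3 = 4,
  Role4 = 8,
  // etc.
}

// OR the flags together (Roles is assumed to be of type USER_ROLE);
// |= is idempotent, whereas adding the same flag twice would corrupt the mask.
if (Context.User.IsInRole("Roll1Name")) YourUserObject.Roles |= USER_ROLE.Role1;
if (Context.User.IsInRole("Roll2Name")) YourUserObject.Roles |= USER_ROLE.Role2;
// etc.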

, , , HtmlControl .

E.g. bool SetControlSecurity(HtmlControl ctrl, int iUserRoles, int iControlRoles, ACTION eAction)

, :

SetControlSecurity(pnlUserInfo, (int)YourUserObject.Roles, (int)USER_ROLE.Role2, ACTION.Hide);

param , , hide, readonly, clear data ..

:


// Access is granted when the user holds at least one of the roles the control requires.
bool bHasAccess = ((iUserRoles & iControlRoles) != 0);
if (bHasAccess)
{
  // leave the control or make sure it is visible etc
}
else
{
  // take action to secure the control based on the action
}

, .

+2
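The bit-mask check from the answer above, applied to the question's per-table list views with a deny-by-default policy table; this is an added example, not code from the original answers. The group names, the policy entries and the helper names (`RolesFor`, `IsAllowed`) are assumptions, and a `GenericPrincipal` stands in for `Context.User`.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Principal;

[Flags]
enum UserRole { None = 0, Role1 = 1, Role2 = 2, Role3 = 4, Role4 = 8 }

static class TableAccess
{
    // Constructed mapping: AD group name -> role flag (placeholder group names).
    static readonly Dictionary<string, UserRole> GroupToRole = new Dictionary<string, UserRole>
    {
        { @"CONTOSO\TableXReaders", UserRole.Role1 },
        { @"CONTOSO\TableYReaders", UserRole.Role2 },
    };

    // Constructed policy: "table:action" -> roles allowed. Missing entries are denied.
    static readonly Dictionary<string, UserRole> Policy =
        new Dictionary<string, UserRole>(StringComparer.OrdinalIgnoreCase)
    {
        { "x:List", UserRole.Role1 },
        { "y:List", UserRole.Role2 },
    };

    // Build the mask once from the authenticated principal; |= keeps it idempotent.
    public static UserRole RolesFor(IPrincipal user)
    {
        var mask = UserRole.None;
        foreach (var pair in GroupToRole)
            if (user.IsInRole(pair.Key)) mask |= pair.Value;
        return mask;
    }

    // Deny by default: unknown table/action pairs and empty masks never pass.
    public static bool IsAllowed(UserRole userRoles, string table, string action)
    {
        return Policy.TryGetValue(table + ":" + action, out var required)
            && (userRoles & required) != UserRole.None;
    }

    static void Main()
    {
        // Constructed principal: user A is a member of the table x readers group only.
        var userA = new GenericPrincipal(new GenericIdentity("userA"),
                                         new[] { @"CONTOSO\TableXReaders" });
        var roles = RolesFor(userA);
        foreach (var table in new[] { "x", "y", "z" })
            Console.WriteLine("{0}: {1}", table, IsAllowed(roles, table, "List"));
    }
}
```

Call the same `IsAllowed` check from the code that serves the list page as well as from the code that renders the link, so that a hidden link is not the only thing standing between a user and the table.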

You can simply use the membership providers and ASP.NET Active Directory roles to authenticate/authorize users in the application. You can then call Roles.IsUserInRole wherever you want to validate that users are part of the corresponding AD group(s) before displaying the content.

0

Source: https://habr.com/ru/post/1704096/
