All geek questions in one place

Is there a C # library that behaves like permissions and Active Directory groups?

I like the way permissions and groups work in Active Directory, but I don't want to bind my application to AD.

Is there an existing library that contains the same functions as AD? In particular, the ability to create groups, assign users to groups, add group permissions, and view user or group application permissions?

+6
source share
7 answers

The ActiveDirectoryMembershipProvider class inherits MemberhipProvider.

This means that you do not need to bind your application to AD as such, but to the MembershipProvider model. This model is used throughout .net and works well with built-in controls and classes.

Here is an example

//Any of these will work ActiveDirectoryMembershipProvider provider = new ActiveDirectoryMembershipProvider(); //SqlMembershipProvider provider = new SqlMembershipProvider(); //MyCustomMemebershipProvider provider = new MyCustomMemebershipProvider(); MembershipProvider membershipProvider = provider; if (membershipProvider.ValidateUser("username", "password")) { MembershipUser user = membershipProvider.GetUser("username", true); } else { //Do something }

I am not an expert in this model, but I had some experience with the MembershipProvider subclass and implementing IPrincipal, IIdentity, etc. It is truly flexible and supports a consistent architecture.

+1
source

You can set up a free LDAP server, for example. OpenLDAP and use DirectoryServices to access it and any number of tools to administer the LDAP directory. Some configuration required!

The advantage of using the standard directory service is its many administration tools and the ability to support any number of applications. The disadvantage is administration training and a directory request. Is there any specific reason you don't want to use AD? If you are running Windows, I would highly recommend it for most objections.

0
source

If AD is too heavy for you, you can use ADAM, which is a lightweight AD, which you can configure using the ADSI Edit provided with the latter. Below is a good document and a question. p>

In addition, you can view ADAM using the same .NET API ( System.DirectoryServices.AccountManagement ).

0
source

Perhaps you can use Microsoft-Authorization Manager from Microsoft as a shell for Active Directory.

It contains a programming API to request permissions.

and gui (azman.msc), where you can define roles and rights to the card and save them in an XML file.

It can be configured in Active Directory.

0
source

Two things.

First:

If you want to interact with the Directory, you need to program the top of the LDAP API. As I understand it, ADSI is working on the top of LDAP, but it seems that it is not so independent of Active Directory. I know that Novell, which initiates the monoproject, is editing a more independent C # library at the top of LDAP .

Second:

Permissions, I mean access control lists (ACLs), are non-standard features. The method for resolving permissions in Active Directory is different from the way they are implemented in Sun e-Directory (special attributes). For example, in permissions, OpenLDAP is implemented as an access filter.

I may (hopefully) be mistaken, but I have never heard of a library that permits federation in Catalonia.

0
source

One library I read about is Rhino Security . It seems to be handling authentication as well as authorization for business operations and is probably worth a look. In fact, I did not implement it, so I do not know how well this works.

0
source

To do this, you can use the authorization manager (AzMan), part of Windows Server. To integrate with it from .NET, Entrepreneurs Library 5 has types of class libraries that you can use.

0
source

Source: https://habr.com/ru/post/888226/

More articles:


All Articles