Is there an ACL abstraction layer available in .net? I saw some “best practice” documents, but did not have a good base. What about System.Security.AccessControl? Is this a good starting point?
ACL should work with Roles stored in the database, as well as Roles system and definitions of objects in memory, as well as objects or db files. Therefore, it must be general and / or easy to expand.
Should it rely on IPrincipal, IIdentity from the .net framework?
Zend has something similar in their Framework for PHP, and I'm looking for this stuff for C # instead of porting it (if there is already a standard solution or best practice).
@ladislav:
It is not intended to be used only in web services, fat clients, or standalone applications. Because of this, I am looking for an abstraction layer that can be extended by adapters for the backend / platform specification. You are right that I am looking for something like a role-based abstraction level of access control for different objects and correct definitions. This should not depend on the ACLs that you set for folders on file systems. The file system must be a special adapter used in the implementation of the ACL. For me, an ACL is a concept in itself and has nothing to do with file systems. File systems USE the implementation of the ACL concept (even if it is mostly known in this area). Hard dependency on Win32-api is not needed. That is why I ask for something general and abstract (interface) that is commonly (and widely) used. Do you know the implementation within zend (I know that this is PHP, but the concept works for any application, and not just for websites)? It is abstracted and can be used for any object in the code.
source share