CodeKicks.com
Focus on Microsoft Technologies - Tutorials, Articles, Code Samples.

Wednesday, October 11, 2006

Tip/Trick: Adding .NET Authorization Rules to Business and Data Layers using PrincipalPermissionAttributes


on your site, which allows you to logically group individual users into higher-level roles or groups (for example: "admins", "friends", "subscribers", etc.). The tutorials also demonstrate how to implement authorization rules to grant or deny users/roles access to visit individual pages or URLs within a site (the roles tutorial above also demonstrates how to show/hide menu nodes based on the permissions of the incoming user).

Adding Security Authorization Rules to Business and Data Layers

When you authenticate a user within an ASP.NET application, the authenticated user's identity automatically flows throughout that user's request on the server. This means you don't need to manually pass a user's identity around from method to method or class to class, which makes it much easier to implement security authorization rules throughout your application.

One little-known feature in .NET is the ability to have the CLR automatically use this identity information to authorize a user's capabilities before instantiating a class, or accessing a method/property on it. This makes it easy to add clean security authorization rules to your business and data layers without having to write much code.

All you need to do is apply the PrincipalPermissionAttribute from the "System.Security.Permissions" namespace to the appropriate class or member. For example:

Imports System.Security.Permissions

' Only authenticated users in the "Manager" role can instantiate this page class.
<PrincipalPermission(SecurityAction.Demand, Authenticated:=True, Role:="Manager")> _
Partial Class MyPage
    Inherits System.Web.UI.Page
End Class
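
The same attribute applied to a business-layer method instead of a page, as an added example that is not part of the original post. PayrollService, ApproveRaise and the user names are hypothetical; Thread.CurrentPrincipal is set by hand to stand in for the identity ASP.NET flows through a request, and the code assumes the .NET Framework, where the CLR enforces the declarative demand.

```vb
Imports System
Imports System.Security
Imports System.Security.Permissions
Imports System.Security.Principal
Imports System.Threading

' Hypothetical business-layer class: the rule sits on the member itself,
' so every caller (page, web service, batch job) is checked the same way.
Public Class PayrollService
    <PrincipalPermission(SecurityAction.Demand, Authenticated:=True, Role:="Manager")> _
    Public Function ApproveRaise(ByVal employeeId As Integer) As String
        Return "Raise approved for employee " & employeeId.ToString()
    End Function
End Class

Module Demo
    ' Calls the protected method as the given (constructed) user and reports the outcome.
    Function TryApprove(ByVal userName As String, ByVal roles As String()) As String
        ' Stand-in for the principal ASP.NET attaches to the request thread.
        Thread.CurrentPrincipal = New GenericPrincipal(New GenericIdentity(userName), roles)
        Try
            Return New PayrollService().ApproveRaise(42)
        Catch ex As SecurityException
            ' The demand failed before the method body ran; log and deny.
            Return "Denied for '" & userName & "' (SecurityException)"
        End Try
    End Function

    Sub Main()
        ' Authenticated user in the required role.
        Console.WriteLine(TryApprove("alice", New String() {"Manager"}))
        ' Authenticated user without the role.
        Console.WriteLine(TryApprove("bob", New String() {"Subscriber"}))
        ' GenericIdentity with an empty name reports IsAuthenticated = False,
        ' so Authenticated:=True rejects it even though the role matches.
        Console.WriteLine(TryApprove("", New String() {"Manager"}))
    End Sub
End Module
```

A failed demand surfaces as a SecurityException at the call site, so callers in the UI layer should catch it (or let a global error handler do so) and return an access-denied response rather than a generic error page.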
