Field Level Security

  • Thread starter: Dave Wurtz

Dave Wurtz

All,

Does anyone have ideas how they have implemented field (property) level
security? I want to handle this from the business object level, not the
database level. Is it best to have a security checking method that gets
called in the property and throws an exception? If there are several
"fields" that are being accessed multiple times, does it hurt from a
performance perspective to have these exceptions thrown all of the time?

Public ReadOnly Property MyCode() As String
    Get
        Try
            CheckSecurity(....)
        Catch ex As SecurityException
            'Do something with the exception, etc.
        End Try
    End Get
End Property

Just trying to get some ideas...

Thanks in advance!
Dave
 
You might want to take a look at creating security demands in your
code. Declarative demands are attributes that you use to decorate your
code, and you can allow code to load (and run) based on either Windows
roles or custom roles:

<PrincipalPermission(SecurityAction.Demand, _
    Authenticated:=True, _
    Role:="SomeRole")> _
Private Sub SomeMethod()
    ...

Or you can use imperative demands inside methods:

Public Function SomeMethod() As String
    Dim op As New PrincipalPermission(Nothing, _
        "BUILTIN\Administrators")
    Try
        op.Demand()
        ...
    Catch ex As System.Security.SecurityException
        Return ex.Message
    End Try
    ....

See the topic "Demands" in help as a starting point.

-- Mary
MCW Technologies
http://www.mcwtech.com
 
Mary,

Thanks for the suggestion. I didn't even know this was here (framework is
very big).

However, if I understand this correctly, this is really more for using
system settings to determine if code can/will be executed. Is that correct?
What I am really looking for is to check my own business rules as to whether
the user can access the information.

In my previous example, the CheckSecurity() call would check my own security
logic to see if the user of my application (not necessarily of the
workstation) can access this information.

Public ReadOnly Property MyCode() As String
    Get
        Try
            CheckSecurity("MyCode", "DAVE")
        Catch ex As SecurityException
            'Do something with the exception, etc.
        End Try
    End Get
End Property

'Application-level rule check: throws when the user may not read the property.
Public Sub CheckSecurity(propertyName As String, userName As String)
    If propertyName = "MyCode" AndAlso userName = "DAVE" Then
        Throw New SecurityException("User does not have security")
    End If
End Sub

This, obviously, is a VERY simple example and not very realistic, but
hopefully it gets my point across. Does this seem like a good approach to
take?

Thank you!
Dave
 
The security demands I posted were for either Windows or custom users,
not the machine per se. You can also use IsInRole with either Windows
or generic users. You'd use IsInRole as a test before branching to
your code. Security demands don't allow code to run if the user
doesn't "pass" the demand test (they aren't in the role). So I guess
I'm not clear how your security logic would be different than this.

-- Mary
MCW Technologies
http://www.mcwtech.com
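
The two ideas discussed in this thread can be combined: application-defined users are represented as a GenericPrincipal, and each guarded property is tested with IsInRole before the exception path is ever taken. This is an added example, not code from any poster in the thread; the Customer class, the ReadRoles map, the "CodeReaders" role and the sample value are all hypothetical.

```vbnet
Imports System
Imports System.Collections.Generic
Imports System.Security
Imports System.Security.Principal
Imports System.Threading

' Hypothetical business object: each guarded property names the role that may read it.
Public Class Customer
    Private Shared ReadOnly ReadRoles As New Dictionary(Of String, String) From {
        {"MyCode", "CodeReaders"}
    }
    Private ReadOnly _myCode As String = "ABC-123"   ' constructed sample value

    ' Non-throwing test built on IsInRole: call it before branching, e.g. to hide a field.
    Public Shared Function CanRead(propertyName As String) As Boolean
        Dim requiredRole As String = Nothing
        ' Deny by default: a property with no rule is not readable.
        If Not ReadRoles.TryGetValue(propertyName, requiredRole) Then Return False
        Dim user As IPrincipal = Thread.CurrentPrincipal
        Return user IsNot Nothing AndAlso user.Identity.IsAuthenticated _
            AndAlso user.IsInRole(requiredRole)
    End Function

    ' Enforcement point: the exception is reserved for callers that skipped the test.
    Public ReadOnly Property MyCode As String
        Get
            If Not CanRead("MyCode") Then
                Throw New SecurityException("User does not have access to MyCode")
            End If
            Return _myCode
        End Get
    End Property
End Class

Module Demo
    Sub Main()
        ' Application-level users, independent of the Windows logon.
        Thread.CurrentPrincipal = New GenericPrincipal(
            New GenericIdentity("DAVE"), New String() {"CodeReaders"})
        Console.WriteLine(New Customer().MyCode)        ' DAVE holds the required role

        Thread.CurrentPrincipal = New GenericPrincipal(
            New GenericIdentity("GUEST"), New String() {})
        Console.WriteLine(Customer.CanRead("MyCode"))   ' tested without raising an exception
    End Sub
End Module
```

Callers that check CanRead first never pay for a thrown SecurityException on the normal path, while the getter still refuses access if the check is skipped.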
 