inherited security strategy needed

[Craig Buchanan]

I'm building an application that uses a folder and object heirarchy
metaphor. I would like to be able to set access rights generically (at the
folder) or specifically (for the object) for groups or individuals. I would
also like to be able to 'inherit' rights from parent folders to child
folders.

Has anyone seen any examples of how this might be done or suggest an
approach?

Thanks,

Craig Buchanan

 

[Kevin Spencer]

In our case, we wanted to restrict users based upon access to functionality,
which meant, in our case, User Controls. That is, we have pages which load
different User Controls depending upon what functionality is desired. So we
created a class (called "PageContent") which inherits
System.Web.UI.UserControl and added code in its' Init handler that checks
the current user against a Collection of Groups that we derive from our
database. We have a Users table and a Groups table, and a
"PageContentGroups" table, which links Users to Groups based upon the
PageContent class being employed. When the PageContent class initializes, it
loads a collection of Group which are authorized to view that PageContent
class. An anonymous user defaults to a User object that has no Groups.
Otherwise, the user logs in via a form, and the User object for that User is
stored in Session. The User class also has a collection of Groups which that
user belongs to, and this is what is compared to the Groups collection in
the PageContent class.

This way, the whole Security issue is handled without the developer having
to think about it, in the base class for the User Control (PageContent
class) being developed. To change security for a PageContent class, we just
manipulate the database.

This could be done at Page level as well.

--
HTH,
Kevin Spencer
..Net Developer
Microsoft MVP
Big things are made up
of lots of little things.