问题
In my job we are trying to consolidate the Authentication of the application farm with Windows Identity Fundation (WIF) or some custom component based in Membership Provider.
With this, we need to provide the developers (and final users) some component that can help us with the logic of managment views by Role (RBAC - Role Based Access Control). I couldn't find anything.
That's the idea: A user 'admin' can view 'Home' and 'Administration' pages. Well, like a developer, i don't want to write code to do this profiling. To do this, i expect to work with a component, that encapsulates this complexity. The same idea to manage events, or actions in the application
Do you know something like that? Something like Role Provider, but like a generic component, that can help me ( like the profiling in Moodle, or Joomla).
Just for the record, english isn't my navite language, and i'm still learning it.
回答1:
I wrote my own component for exactly this problem. You can interface to Windows directories and such, but in the past I did not want to manage an application's users through Windows AD, so I write my own role and privilege based subsystem for my applications.
It is not much work to do, and for me it was very worth it because I put into it exactly what I needed and no more.
回答2:
To answer your question, yes, there are few .net components available which allows any .net applications to apply RBAC.
RBAC - Role based access control system is a method of restricting access to 'some sources or applications or some features of applications' based on the roles of users of organization. Here, restrictions can be by means of multiple permissions, those are created by administrator to restrict access, and these permissions collectively represents a role, which will be assigned to user.
And if we go slight deeper in RBAC, it basically contains 3 features. 1) Authentication - It confirms the user's identity. Usually it is done via user accounts and passwords or credentials. 2) Authorization - It defines what user can do and cannot do in an application. Ex. ‘Modifying order’ is allowed but ‘creating new order’ is not allowed. 3) Auditing of user actions on applications. - It keeps track of user's actions on applications, as well as who has granted which access to which users?
This was very basic top view picture of RBAC system.
ASP.Net Membership Component is one of the way to implement RBAC, You can also write your own system with basic functionalities.
There are some nice and helpful articles which shows brief information and implementation of RBAC.
http://www.visual-guard.com/EN/net-powerbuilder-application-security-authentication-permission-access-control-rbac-articles/dotnet-security-article-ressources/role-based-access-control.html
http://www.codeproject.com/Articles/875547/Custom-Roles-Based-Access-Control-RBAC-in-ASP-NET
I also recommend few ready to use components VisualGuard (@which I work) and also MemberProtect.
回答3:
I wrote mine using Postsharp, just by adding attributes to the methos which you need access control.
来源:https://stackoverflow.com/questions/3290536/role-based-access-control-rbac-net-component