![]() ![]() PermissionToRole which encapsulates the relationship between a given ControlPermsision and a given Role (the one to many relationship) and the permissions for that control by users in that role. To decide if a user has “access” to a control (which will be defined as meaning the right to see a control or to invoke the control) we’ll create two additional objects: My client had their own authentication system (as part of their larger in-house system) and to keep this article simple I’ll follow their lead and simply create a Users table and a Roles table and finesse the authentication. See, for example, my articles on creating users and roles on O’Reilly Windows DevCenter (though today I would re-write these articles to use the Web Site Administration Tool accessed from Visual Studio under Website-> ASP.NET -> Configuration. (One approach is to use the ASP.NET authentication support, accessing it through a web service.) We see this most cleanly and starkly implemented in ASP.NET, though it presents a bit more of a challenge with Windows Forms applications that will be used by a very large number of users. There are many security schemes that have evolved over time, but the one which has proven most successful, at least in the Windows world, is that of Access Control Lists (ACLs) now most commonly referred to as Users and Roles. I do not explain how to create forms, or how event handling works, nor do I explain how to interact with a SQL database. ![]() NET 2 programmers already familiar with C# and. It is also available on the author’s website. Simply click on the CODE DOWNLOAD link in the box to the right of the article title. ![]() The full source code for this article is available for download. All of that is left as a (dare I say?) fairly straight-forward exercise for the reader. It does not implement login and so it does not implement any of the checks to see if the logged in user should be restricted in access to the controls on any given page. This article takes you as far as saving the users, roles and the permissions those roles have for the various controls. In this article, I will review the approach I took, focusing on the nitty-gritty code used to make this work, and the challenges faced in creating such an application quickly (their budget for this was 4 days). ![]() The ideal security architecture would be independent of the participating forms and controls. We wanted to build an architecture that would allow us to add forms and controls to the application without deciding in advance which roles we would use, and without having to modify the forms or controls to meet the needs of the security architecture any more than absolutely necessary. We decided to make the restrictions “roles-based” – that is “managers can click this button, users can see it, but to guests it is invisible.” The following tables describe which properties and methods are removed and which are replaced with similar equivalents.One of my clients wanted to be able to restrict any given control, on any form, so that it is either invisible or disabled based on who is using the form. The MenuStrip control in your application will be converted to RadMenu. ![]()
0 Comments
Leave a Reply. |