Security App block without roles?

Topics: Security Application Block
Nov 11, 2010 at 12:18 AM

I have a project that is permission based and would like to convert it over to use the application blocks.

Is the security application block able to be used without having any roles?

So far all the samples that I have seen need to have a role. i.e. <add expression="R:Developer OR R:Manager" name="Resolve Bug" />

Also, we have existing sql tables for our permissions, do we need to convert them to a specific layout or can we use what we already have?

Nov 11, 2010 at 2:32 AM

I think you're specifically talking about the AuthorizationRuleProvider.  It can be used without involving roles but the only other expression you could use relates to the user's Identity.  Thus, you would need to create a custom authorization provider.  You need not modify your sql tables because there's no support for that in the AuthorizationRuleProvider.  You would incorporate the logic of loading permissions from the database in your custom authorization provider.


Sarah Urmeneta
Global Technologies & Solutions
Avanade, Inc.

Nov 11, 2010 at 2:35 PM

Can you post a link or where in the documentation I could see some sample code for a custom authorization provider?

Nov 15, 2010 at 1:24 AM
Edited Nov 15, 2010 at 1:43 AM

There's no sample code for a custom authorization provider but the steps for creating custom providers can be found here

There's a sample code though posted in this thread, you might be interested.   The class which inherits from AuthorizationProviderData is optional, you only need to create it if you want to have full integration with the configuration tool.  If you only need basic integration, you can make use of the CustomAuthorizationProviderData.  These thing are documented and can be found also in the Creating Custom Providers section of the documentation.


Sarah Urmeneta
Global Technologies & Solutions
Avanade, Inc.