Authorization Design Best Practice

Topics: Security Application Block
Jan 6, 2007 at 3:16 AM
Hi all,

Can anyone recommend me to use Security Appication Block to handle authorization on Windows application (multiple user environment)? In default RuleManager, it use app.config to keep rule expression. If I want to design application to allow user to set up their authorization system, what should I do to suppor multiple user environment?

Thank you,
Teeravee Sirinapasawasdee
Jan 17, 2007 at 4:00 PM
By default the rules are pulled from the app.config, but you can specify another configuration source by using

AuthorizationProviderFactory(IConfigurationSource configurationSource)

Here I pull the RuleData from an external config file:

IConfigurationSource source = new FileConfigurationSource("MyRules.config");

AuthorizationProviderFactory factory =
new AuthorizationProviderFactory(source);

IAuthorizationProvider provider = factory.Create("Rules");





David Hayden
Microsoft MVP C#
Feb 18, 2007 at 9:00 PM
Can you tell me if I can hook the Security Application block into a database to deal with user authentication and roles. I'm re-writing an existing application to use the Enterprise Libraries and am using DAAB to handle all the database access, but already have all the users, and their roles defined in a database table. I was wondering if I can hook this into the SAB.
Feb 19, 2007 at 5:08 PM
The Security Application Block used to provide authentication services, but it was pulled out because you now have membership, role, and profile services baked into the .NET 2.0 Framework within the System.Web.Security Namespace.

There is a good example of using the SqlMembership and SqlRole provider for Authentication with the Security Application Block for Authorization in the Security Quickstarts that come with Enterprise Library.

The documentation also has some information about the use of Membership and Role providers with the Security Application Block. Check Introduction to the Security Application Block.




David Hayden
Microsoft MVP C#