Advanced Security Application Block

Topics: Building and extending application blocks, Security Application Block
Nov 10, 2008 at 2:59 PM

I have a list of users which an operator can see. This operator has r/w permissions for some users and only read permissions for others in the same list. I would like to use Security Application Block along with Policy Injection to allow/disallow the operator to change the first and last name of a person. Obviously I need to write my own authorization provider, but how do I set up Policy Injection to distinguish between the r/w and read-only users? Is this even possible using 4.0 Enterprise Library?

Best regards,
Simon Sakelsek

Nov 11, 2008 at 5:52 AM
Edited Nov 11, 2008 at 6:02 AM
The way I see it, your implementation of the Authorize method in your authorization provider should accept a parameter which would enable you to determine the corresponding read/write permission of the user.  The common approach when using a custom authorization provider is to pass the role of the user as the "context" parameter in the Authorize method.  You could probably include the r/w or read-only attribute of the user as part of the "context" parameter in addition to the role.  You would have to create your own implementation of an ICallHandler in order to do this.

You could also consider creating different roles for users with r/w and read-only permission.

Sarah Urmeneta
Global Technology & Solutions
Avanade, Inc.
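
The approach described in the reply above, sketched as an added example that is not part of the original thread and is not Enterprise Library code. Assumptions: the interface is declared locally with the same `Authorize(principal, context)` shape the reply describes; `PerPersonAuthorizationProvider`, `PersonWriteGuard`, the `"Write:<personId>"` context format and the sample permission data are hypothetical, and `PersonWriteGuard.Invoke` stands in for the check a custom `ICallHandler` would perform before passing the call on.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Principal;
// Declared locally (same Authorize shape the reply describes) so this compiles without Enterprise Library.
public interface IAuthorizationProvider { bool Authorize(IPrincipal principal, string context); }

// Hypothetical provider: context is "<operation>:<personId>", e.g. "Write:7".
public class PerPersonAuthorizationProvider : IAuthorizationProvider
{
    // Constructed sample data: operator name -> ids of the people it may modify.
    private readonly Dictionary<string, HashSet<int>> writable =
        new Dictionary<string, HashSet<int>> { { "operator1", new HashSet<int> { 1, 2 } } };
    public bool Authorize(IPrincipal principal, string context)
    {
        string[] parts = (context ?? "").Split(':');
        int personId;
        if (parts.Length != 2 || !int.TryParse(parts[1], out personId)) return false; // malformed: deny
        if (parts[0] == "Read") return principal.Identity.IsAuthenticated;
        HashSet<int> ids;
        return parts[0] == "Write"
            && writable.TryGetValue(principal.Identity.Name, out ids)
            && ids.Contains(personId);
    }
}

// Hypothetical stand-in for a custom call handler: builds the context from the target person's id.
public class PersonWriteGuard
{
    private readonly IAuthorizationProvider provider;
    public PersonWriteGuard(IAuthorizationProvider provider) { this.provider = provider; }
    public void Invoke(IPrincipal caller, int personId, Action next)
    {
        if (!provider.Authorize(caller, "Write:" + personId))
            throw new UnauthorizedAccessException("No write permission for person " + personId);
        next(); // authorized: run the intercepted method
    }
}

public static class Demo
{
    public static void Main()
    {
        IPrincipal op = new GenericPrincipal(new GenericIdentity("operator1"), new string[0]);
        var guard = new PersonWriteGuard(new PerPersonAuthorizationProvider());
        guard.Invoke(op, 1, () => Console.WriteLine("person 1 renamed"));
        try { guard.Invoke(op, 7, () => Console.WriteLine("person 7 renamed")); }
        catch (UnauthorizedAccessException e) { Console.WriteLine(e.Message); }
    }
}
```

The provider denies by default: a malformed context, an unknown operation or an operator with no entry in the permission table all return false.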