Storing rules in SQL Server Database

Topics: Security Application Block
Dec 14, 2010 at 9:46 PM

I would like to store the rules themselves in an SQL database.  Is this possible out of the box or will I need to write a custom AuthorizationRuleProvider?  If I need to write a custom AuthorizationRuleProvider is there any examples available?

Thanks in advance for your help,
Terry

Dec 15, 2010 at 3:51 AM

Hi Terry,

You will need to create your own custom provider to achieve this. Here's a related thread for more info - http://entlib.codeplex.com/Thread/View.aspx?ThreadId=12404.

As for an example, your custom authorization provider may look something like the class below. For instruction on how to create a custom authorization provider you can refer to the documentation - http://msdn.microsoft.com/en-us/library/ff664397(v=PandP.50).aspx.

using System;
using System.Collections.Specialized;
using Microsoft.Practices.EnterpriseLibrary.Security;
using Microsoft.Practices.EnterpriseLibrary.Common.Configuration;
using Microsoft.Practices.EnterpriseLibrary.Security.Configuration;
using System.Xml;
using System.Configuration;
using System.Security.Principal;

namespace CustomProvider
{
    [ConfigurationElementType(typeof(CustomAuthorizationProviderData))]
    public class CustomMembershipProvider : AuthorizationProvider
    {
        private NameValueCollection pair = new NameValueCollection();
        private static string xmlPath = String.Empty;
        public CustomMembershipProvider(NameValueCollection attr)
        {
            pair = attr;
            xmlPath = pair["UserConfig"]; ;
        }
        public override bool Authorize(IPrincipal principal, string context)
        {
            string name = principal.Identity.Name;
            bool authorized = false;
            string password = "123";
            if (xmlPath == string.Empty)
            {
                throw new ConfigurationErrorsException("Configuration Error: XML Store " + "Path Not Set");
            }

            XmlTextReader reader = new XmlTextReader(xmlPath);

            while (reader.Read())
            {         

                if (reader.Name.Equals("User"))
                {
                    if (reader.GetAttribute("UserName") == name && reader.GetAttribute("Password") == password && reader.GetAttribute("Role") == context)
                    {
                        authorized = true;
                        break;
                    }
                }
            }
            return authorized;

        }

        public static bool ValidateUser(IPrincipal principal, string password)
        {
            string name = principal.Identity.Name;
            bool validated = false;

            if (xmlPath == string.Empty)
            {
                throw new ConfigurationErrorsException("Configuration Error: XML Store " + "Path Not Set");
            }

            XmlTextReader reader = new XmlTextReader(xmlPath);

            while (reader.Read())
            {

                if (reader.Name.Equals("User"))
                {
                    if (reader.GetAttribute("UserName") == name && reader.GetAttribute("Password") == password)
                    {
                        validated = true;
                        break;
                    }
                }
            }
            return validated;

            
        }
    }
}
Hope this helps.

Gino Terrado
Global Technologies and Solutions
Avanade, Inc.
entlib.support@avanade.com

 

 

Dec 15, 2010 at 4:06 AM

Thanks Gino. I appreciate the response and the example!!!

Terry

From: AvanadeSupport [email removed]
Sent: Tuesday, December 14, 2010 9:52 PM
To: Terry Wahl
Subject: Re: Storing rules in SQL Server Database [entlib:238377]

From: AvanadeSupport

Hi Terry,

You will need to create your own custom provider to achieve this. Here's a related thread for more info - http://entlib.codeplex.com/Thread/View.aspx?ThreadId=12404.

As for an example, your custom authorization provider may look something like the class below. For instruction on how to create a custom authorization provider you can refer to the documentation - http://msdn.microsoft.com/en-us/library/ff664397(v=PandP.50).aspx.

using System;
using System.Collections.Specialized;
using Microsoft.Practices.EnterpriseLibrary.Security;
using Microsoft.Practices.EnterpriseLibrary.Common.Configuration;
using Microsoft.Practices.EnterpriseLibrary.Security.Configuration;
using System.Xml;
using System.Configuration;
using System.Security.Principal;
 
namespace CustomProvider
{
    [ConfigurationElementType(typeof(CustomAuthorizationProviderData))]
    public class CustomMembershipProvider : AuthorizationProvider
    {
        private NameValueCollection pair = new NameValueCollection();
        private static string xmlPath = String.Empty;
        public CustomMembershipProvider(NameValueCollection attr)
        {
            pair = attr;
            xmlPath = pair["UserConfig"]; ;
        }
        public override bool Authorize(IPrincipal principal, string context)
        {
            string name = principal.Identity.Name;
            bool authorized = false;
            string password = "123";
            if (xmlPath == string.Empty)
            {
                throw new ConfigurationErrorsException("Configuration Error: XML Store " + "Path Not Set");
            }
 
            XmlTextReader reader = new XmlTextReader(xmlPath);
 
            while (reader.Read())
            {         
 
                if (reader.Name.Equals("User"))
                {
                    if (reader.GetAttribute("UserName") == name && reader.GetAttribute("Password") == password && reader.GetAttribute("Role") == context)
                    {
                        authorized = true;
                        break;
                    }
                }
            }
            return authorized;
 
        }
 
        public static bool ValidateUser(IPrincipal principal, string password)
        {
            string name = principal.Identity.Name;
            bool validated = false;
 
            if (xmlPath == string.Empty)
            {
                throw new ConfigurationErrorsException("Configuration Error: XML Store " + "Path Not Set");
            }
 
            XmlTextReader reader = new XmlTextReader(xmlPath);
 
            while (reader.Read())
            {
 
                if (reader.Name.Equals("User"))
                {
                    if (reader.GetAttribute("UserName") == name && reader.GetAttribute("Password") == password)
                    {
                        validated = true;
                        break;
                    }
                }
            }
            return validated;
 
            
        }
    }
}
 
Hope this helps.

Gino Terrado
Global Technologies and Solutions
Avanade, Inc.
entlib.support@avanade.com


The information transmitted in this correspondence may contain confidential and/or privileged material. Any review, retransmission, dissemination or other use of or taking of any action in reliance upon this information by persons or entities other than the intended recipient is prohibited. If you are not the intended recipient, please contact the sender and delete the e-mail and any attachments.
Dec 15, 2010 at 7:01 PM

Another option would be to use the newly available SqlConfigurationSource and just store all your config in the database.

 

Mar 21, 2012 at 5:23 AM

I also have the needs to load rules from database in my project, So I extended the Security application block with new SqlAuthorizationRuleProvider

Here is the source.

http://code.msdn.microsoft.com/windowsdesktop/Extending-the-EnSecurity-f1c44f95