EntLib Security - Authorization Rules in database

Topics: Security Application Block
Jun 25, 2008 at 8:23 PM

I am new to Enterprise Library and have been studying the security application block. I have few doubts:

1. One thing which bothers me if there is any possibility that we can use any built-in authorization providers which retrieve authorization rules from database instead of the config file. (like SQL Server)
Well, from what I understand till now, i don't see any such feature in EntLib, other than using a custom provider and writing the logic yourself.
The reason i want to use database because in our application, rules can be modified by the administrator through the application UI. So it's just not possible to store them in the config files. I must use database.

2. Now, assuming that I can't store rules in database without having to write a custom authorization provider, how worth it is to use Security Application Block. Because the two features which SAB provides are Authorization and Caching of security information. And since I won't be even using the config files to store rules, and writing the authorization mechanism myself, is it worth using EntLib at all? Because then I am doing most of the job myself, and to me (with my limited knowledge) it doesn't make sense to just use EntLib to derive from its class and write the whole story myself! Okay, the thing is I am not going to use the Caching feature either. Because that is a potential security risk, as the information is not protected by any means and we can't afford to have that in our application, since it would store some financial data as well.

3. Can there be a relation between EntLib Security Application Block and WCF Federated Security Model? Can these two be used together? Because WCF Federated Security would work in a distributed environment and am not sure about the applicability of EntLib SAB in such an environment. There do not seem to be much such discussions earlier that could help me in this regard.

FYI: We are using .NET 3.5, SQL 2005, C# WinForms and evaluating the applicability of EntLib 4.0 in our application's scenario.

Any help on the above questions would be appreciated. Any suggestions\alternativ approaches are also welcome.
Jan 12, 2009 at 8:40 PM
Hi sparx,

Did you find answer for the questions posted above? we are trying to extend security application block to read rules fomr database(both sql & oracle) and facing the similar challenges stated by you. Can you share your thought or experience in how you handled the issues?

Any help will be greatly appreciated.

Regards,
Vinay

Jan 13, 2009 at 2:25 AM
See if this helps...
http://www.codeplex.com/entlib/Thread/View.aspx?ThreadId=12404

Sarah Urmeneta
Global Technology & Solutions
Avanade, Inc.
entlib.support@avanade.com