.NET Tutorials, Forums, Interview Questions And Answers
Welcome :Guest
Sign In
Register
 
Win Surprise Gifts!!!
Congratulations!!!


Top 5 Contributors of the Month
ASPEvil
david stephan
Santhakumar Munuswamy
Fauzul Azmi
Post New Web Links

Security: Unify the Role-Based Security Models for Enterprise and Application Domains with .NET

Posted By:      Posted Date: August 21, 2010    Points: 0   Category :ASP.Net
 

Role-based security allows administrators to assign access permissions to users based on the roles they play rather than on their individual identities. These privileges can be used to control access to objects and methods, and are easier to identify and maintain than user-based security. The .NET Framework provides two role-based security models, which are exposed as two namespaces: System.Enterprise-Services and System.Security.Permissions. Presented here is a comparison of the two options and a discussion of when each is the right choice. The author also demonstrates the process involved in setting up access security and discusses role memberships.

Juval Lowy

MSDN Magazine May 2002




View Complete Post


More Related Resource Links

Authorize It: Use Role-Based Security in Your Middle Tier .NET Apps with Authorization Manager

  

Authorization Manager in Windows Server 2003 represents a significant improvement in the administration of role-based security, making it more scalable, flexible, and easier to implement. Using Authorization Manager, you can define roles and the tasks those roles can perform. You can nest roles to inherit characteristics from other roles, and you can define application groups. In addition, Authorization Manager lets you use scripts to modify permissions dynamically, and it allows you to wrap your security logic in a security policy that can be stored in Active Directory. Authorization Manager also includes an easy-to-use API for running access checks. The author discusses all of these topics and demonstrates them with a working sample.

Keith Brown

MSDN Magazine November 2003


Getting filtered data from Role based SSAS security

  
Hi everyone,I've got a heap of reports that are based on various SSAS cubes. I have roles defined on these cubes that restrict data via certain dimensions. Question is, will these restrictions filter through to the report...ie, if I have a sales person restricted in the SSAS cube to only see sales against their territory (restricted in the Territory dimension), when they run the report will it filter the result based on their SSAS credentials and only show the data they have access to (even though the SSRS report has no direct filters or parameters applied)?Cheers for any help!!

Sharepoint 2010 with role-based asp.net security

  

I have a Sharepoint 2010 (forms authentication) site on windows server 2008 with asp.net role-based security. At the highest level i have document libraries with folders within each as shown below.

> Doc Lib 1

>> Sub folder 1

>> Sub folder 2

> Doc Lib 2

>> Sub folder 1

>> Sub folder 2

Sub folder 1 and sub folder 2 are the same within each document library.

I want to be able to use asp.net roles to restrict users access to the document library. For example, user 1 should only be able to access sub folder 1 within doc lib 1. I'm not sure how i should go about configuring the roles.

I have created role1 for access to doclib1 and role2 for doclib2. In addition i also have roleA for access to subfolder1 and roleB for access to subfolder2. I have assigned the roles the libraries and folders. To user 1, i have assigned : role1 and role A. I expect that user1 should only see doclib1 and within it subfolder1. But that isn't the case.

How do i achieve my desired results?


how to add role based security using (ul - li) for menus ?

  

Hi, All

   How can I implement role based security that would show the admin tab if the user was logged in as a admin by using (ul-li) like the below code as a simple example. I do not want to use the menu control is this possible ?

 

  <ul>
<li><a href="#">Services</a></li>
<li><a href="#">About us</a></li>
<li><a href="#">Admin</a></li>
</ul>

Many Thanks

Kered


Custom access denied page for role based security

  

I have implemented role based security in my asp.net 2.0 vb.net application using windows authentication and the windowstokenroleprovider and limiting access to certain pages using the location tag to specific active directory groups.

The issue is that when a user tries to access a page they are not authorized to view it brings up a login prompt and when it does not pass it takes them to the default page that tells them they are not authorized to view the page. I am wondering if there is a way to throw up a custom page that tells them they are not athorized to view the page that I can incorporate into the site itself with the header and so forth? It would be great if this page could come up in lieu of the sign in box popping up as well.


THANKS!



Problem making Role based Menu in MVC application

  

Hi,

 I want to make Rolebase menu in MVC such that if user doesnot have permission for some action then that Action name shouldnot be shown in the Menu.

 I have used the code in the url(http://forums.asp.net/t/1566328.aspx) in my MVC application.My application is a Discussion Forum(in MVC) same functionality as in this forum forums.asp.net

 I have used Controllers for post, thread etc.In each controller there are some actions that are using [Authorize(Roles)] attribute

 but this coding does not count  those Actions in Controllers having Authorize attribute according to the url http://forums.asp.net/t/1566328.aspx 

 In the code, Authorize attribute is applied to Controller class, but my requirement is of Applying Authorize attribute to some actions in controller so that some are available for all users and  some links are available rolewise.Now what is the solution for that?

 

Regards

Security Briefs: Threat Models Improve Your Security Process

  

Using threat models to drive your security engineering process helps prioritize the code review, fuzz testing, and attack surface analysis tasks.

Michael Howard

MSDN Magazine November 2008


Security Briefs: Exploring Claims-Based Identity

  

Keith Brown introduces you to the new identity model in the Microsoft .NET Framework 3.0.

Keith Brown

MSDN Magazine September 2007


Security: Unify Windows Forms and ASP.NET Providers for Credentials Management

  

The .NET Framework 2.0 provides custom credentials management to ASP.NET apps out of the box. Using it, you can easily authenticate users without using Windows accounts. In this article the author presents a set of helper classes that let a Windows Forms application use the ASP.NET credentials management infrastructure as easily as if it were an ASP.NET application.

Juval Lowy

MSDN Magazine April 2005


ISA Server 2004: Developing an Application Filter for Microsoft Internet Security and Acceleration S

  

The beta version of Internet Security and Acceleration (ISA) Server 2004 is now publicly available. It includes a rich SDK with several extensibility mechanisms that allow third parties to integrate their specialized solutions on top of the ISA platform. In this article, the author explores the application filter extensibility mechanism, which enables you to add high-level application layer filtering capabilities to ISA Server and to provide rich content filtering solutions. He also highlights the new features of the ISA Server 2004 SDK, then moves on to describe how to develop a basic application filter that monitors all data going through the ISA Server, and how to integrate a filter into the ISA Server management console to create a seamless interface experience for your users.

Yigal Edery

MSDN Magazine March 2004


.NET Zero Deployment: Security and Versioning Models in the Windows Forms Engine Help You Create and

  

Windows Forms applications solve many of the problems inherent in building Web applications the old fashioned way?with HTML. To demonstrate the use of Windows Forms over the Web, the author takes his existing app, Wahoo!, and ports it to Windows Forms. In doing so, he discusses versioning, linked files, security, storage isolation, the deployment model, and everything else you need to get started building your own Windows Forms apps for the Web.

Chris Sells

MSDN Magazine July 2002


Web Security: Part 2: Introducing the Web Application Manager, Client Authentication Options, and Pr

  

This article, the second of two parts, continues coverage of Web security for Windows. It introduces the Web Application Manager in IIS that allows Web processes to be isolated, decreasing the security risk associated with running in a logon session. The article then picks up where Part One left off-it discusses authentication methods such as basic authentication, digest authentication, integrated Windows authentication, and anonymous logons, and the benefits and drawbacks of each.

Keith Brown

MSDN Magazine July 2000


Password / Application Security.

  

I am using a function which requires a user name and password. I have written this username and password in my code behind file. How safe is it? If it is not safe, what are the risks and how to provide security to my code and application?


Video: Introduction to Claims-based Security in SharePoint 2010

  
Learn how claims-based identity provides a common way for applications to acquire identity information from users inside their organization, in other organizations, and on the Internet. (Length: 23:46)

Creating service application w/ Requirement for MySite security profile to be maintained

  
Good Day; In Sharepoint 2010 Microsoft has given the developer the ability to create a service application that can have its own database and scale independantly from the rest of the Sharepoint farm.   I wish to create a Service Application that will store data much like a list, but I need to have the ability to use the same security trimming that the profiles offer via MySites.  We need to have the granularity at a user level that we can get in MySites but I do not wish to store this data in the Mysite collections.  Can the security granularity found in Mysites and Profiles be extended into a Service Application?  Any examples of others doing this or case studies around security that I can be pointed to would be most helpful. Cheers C

Creating service application w/ Requirement for MySite security profile to be maintained

  
Good Day; In Sharepoint 2010 Microsoft has given the developer the ability to create a service application that can have its own database and scale independantly from the rest of the Sharepoint farm.   I wish to create a Service Application that will store data much like a list, but I need to have the ability to use the same security trimming that the profiles offer via MySites.  We need to have the granularity at a user level that we can get in MySites but I do not wish to store this data in the Mysite collections.  Can the security granularity found in Mysites and Profiles be extended into a Service Application?  Any examples of others doing this or case studies around security that I can be pointed to would be most helpful. Cheers C

How list all of the Actions in an MVC application for security audit?

  
Hi, We are developing a big MVC application and the numbers of published end-points (Controller Actions) -audit properly assigned authorization attributes - are getting out of hand. In WinForms, each aspx file is the end-point, so I can easily audit files and folders. Things in MVC are different.  I am looking for a tool based on reflection that searches actions in all controllers available in the solution and give me a list with assigned [Authorize] attribute. Is such tool or technique available? If such tool is not available, how can I audit the security attack surface of an MVC application? A new developer can easily add an action to a controller class (we have many controllers, can't inspect them manually) and the action become available to public. Thank you, Max
Categories: 
ASP.NetWindows Application  .NET Framework  C#  VB.Net  ADO.Net  
Sql Server  SharePoint  Silverlight  Others  All   

Hall of Fame    Twitter   Terms of Service    Privacy Policy    Contact Us    Archives   Tell A Friend