We all aware of Role based security in ASP.NET. Above to that, I want to apply some business rules for authorization. These business rules are subjected to change dynamically.
Ex: Print option is available between 9am To 12pm, for Adminstrators.
I can control access to print option available for only for Administrators using Role-based authrozation. But here "9 am - 12pm" rule is my business context.
Need authorize the use action based on this context.
My target is to implement this without changing in Code - rebuild and deploy the DLLs.
I heard a copncept of XACML (eXtensible Access Control Markup Language). Seems this approch cann address my requirement.
I am using ASP.NET 4.0, SQL Server 2008, IIS 7, Windows 2008 Server.
Please provide the below information...
1. Is this approch supported by Microsoft?
2. Is there any open source implementaitons in .NET?
3. How Windows Identity Foundation relates to this?
Please share, if there is any work-around for Context based Authorization in .NET.
Thank you in Advance.
View Complete Post