I am working on a Windows application in C# (.NET 4.0) and need something to implement some basic ACL rules or more specifically, apply certain configurations based on the user type.

The application has license keys that we are able to use to determine the user type (i.e. User, Installer, Engineer) among other pieces of information.

Based on the type of user, certain features, menus, buttons, and display data will be different. I could just hard code showing and hiding of these elements in the application based on the user type, but we have a permissions matrix that defines the permissions so I would like to create an ACL so we could easily audit the matrix to the application code.

I have looked around but a lot of the ACL and security code in the System.Security namespace seem to be made for Windows and Filesystem ACLs.

Can someone recommend any existing classes (preferably free) that implement simple ACL’s in C#.

I just need to be able to do something like this:

ACL acl = new ACL();
acl.addRole("User");
acl.addRole("Manufacturer");

acl.addResource("SpecialButton");

acl.deny("SpecialButton");
acl.allow("SpecialButton", "Manufacturer");

// so later in my app I can do

theUserType = "Manufacturer";
// ...
if (acl.isAllowed(theUserType, "SpecialButton")) {
    SpecialButton.Visible = true;
}

I’m not looking to try to stop people from tampering with code at runtime, if they want to go out of their way to do that then they can, but I would like an easy way to create and query the ACL’s to determine how the GUI looks and what options are available when the program is loaded based on the key.

It’s easy enough to create this but if it is already done then that is even better.