Sign Up to our social questions and Answers Engine to ask questions, answer people’s questions, and connect with other people.
Login to our social questions & Answers Engine to ask questions answer people’s questions & connect with other people.
Lost your password? Please enter your email address. You will receive a link and will create a new password via email.
Please briefly explain why you feel this question should be reported.
Please briefly explain why you feel this answer should be reported.
Please briefly explain why you feel this user should be reported.
I have an application that has content that needs to be setup for permissions (i.e. member/non-member)
I have roles/authentication setup just fine, that is not my issue. My question is basically asking the best way to store permissions for each object. Essentially there is “Guest” and “Member” roles, and simple “Allow” “Deny” permissions for each object.
Any ideas? The program is written in ASP.NET MVC using C#, LINQ, and MS-SQL 2005.
If you want to protect assets (files, database rows, Domain Entities, documents, etc.) instead of application features or user abilities, role-based security doesn’t fit very well.
A better model is to use Access Control Lists (ACLs) like you know from NTFS. You almost said it yourself because you need to assign particular permissions on each object for each user or role. That’s what an ACL does.
If you need to protect objects that are ultimately rows in SQL Server, you will need to define custom tables for your ACLs, since SQL Server has no support for row-level permissions.
Based on the data in those ACLs, you must implement the necessary security checks in your Data Access Components.
Here are some links to related SO answers: