Is there an ACL abstraction layer available in .net? I have seen some “best practices” documents but no good base implementation. What about the System.Security.AccessControl? Is this a good starting point?

The ACL’s should work with Roles stored in DB as well as Roles by the system and for in-memory-object definitions as well as db objects or files. So it should be generic and/or easy to extend.

Should this rely on IPrincipal, IIdentity from the .net framework?

Zend has something similar in their Framework for PHP and I am searching this kind of stuff for C# instead of porting that (if there is already a standard solution or best practice implementation).

@ladislav:

It is not intended to be used only in web services, fat clients or standalone apps. Because of this I am searching an abstraction layer that can be extended by adapters for a specfic backend/platform. You’re right, that I am searching something like a role based access management abstraction layer for different kind of objects and right definitions. This should not rely onto the ACLs you set for folders in filesystems. A filesystem should be a special adapter used by the ACLs implementation. For me, ACL itself is a concept and has nothing to do with filesystems. Filesystems USES an implementation of the concept of ACL (even if its mostly known in this field). The hard dependency onto Win32-api is not wanted. This is why I am asking for something generic and abstract (interface) that is commonly (and widely) used. Do you know the implementation in the zend framework (I know it is PHP but the concept works for any app, not only web based)? It is abstracted and could be used for any object in the code