Hello

In this post I am going to describe a simple permission-based architecture with CSLA to achieve RBAC, i.e. role-based access control. Taking the Project Tracker example from CSLA, we go ahead with a couple of new tables in the security database.

1. Object table (id, Objectname) - contains the names of all the editable business objects
2. Permission table (id, PermissionName) - contains the names of all the actions that can be performed (add, update, remove)
3. Roles (id, rolename) - the role master table
4. ObjectPermission (objectid, permissionid) - combination of object and permission that can be performed and validated against an object
5. RolePermissions (roleid, objectid, PermissionID) - permissions being applied to a role

Now, getting on to the PTIdentity class, we customise it a little bit as follows:

    // hashtable to hold the user rights, i.e. the role permissions, as the user belongs to some role
    private Hashtable _UserRights = new Hashtable();

    public Hashtable UserRights
    {
        get { return _UserRights; }
    }

    // and a simple function

    /// <summary>
    /// checks whether the user has the permission
    /// </summary>
    /// <param name="Permission">the specific permission to check for</param>
    /// <returns></returns>
    public bool HasPermission(string Permission)
    {
        // read the user rights hash table
        return UserRights.ContainsValue(Permission);
    }

Now customising the GetIdentity function of PTPrincipal: in this function the procedure used to authorise the user also returns the unique rights of the roles to which the user belongs, and we populate the hashtable for user rights with that result set.

    private void DataPortal_Fetch(Criteria criteria)
    {
        using (SqlConnection cn = new SqlConnection(Database.DTCConnection))
        {
            cn.Open();
            using (SqlCommand cm = cn.CreateCommand())
            {
                // authenticates the user and fills the hashtable of user information and rights
                cm.CommandText = "spUser_authorise";
                cm.CommandType = CommandType.StoredProcedure;
                cm.Parameters.AddWithValue("@UserName", criteria.Username);
                cm.Parameters.AddWithValue("@Password", criteria.Password);
                using (SqlDataReader dr = cm.ExecuteReader())
                {
                    if (dr.Read())
                    {
                        _name = criteria.Username;
                        _isAuthenticated = true;
                        // reading the user rights and making the hashtable of them
                        if (dr.NextResult())
                        {
                            while (dr.Read())
                            {
                                _UserRights.Add(dr.GetInt32(0), dr.GetString(1));
                            }
                        }
                    }
                    else
                    {
                        // no matching user row: reset the identity so a failed
                        // login never keeps a name, roles or rights
                        _name = string.Empty;
                        _isAuthenticated = false;
                        _roles.Clear();
                        _UserRights.Clear();
                    }
                }
            }
        }
    }

The PTIdentity class is done and ready to use. Now moving to the PTPrincipal part, we add a public static function named HasPermission:

    /// <summary>
    /// checks whether the user has the permission
    /// </summary>
    /// <param name="Permission">the specific permission to check for</param>
    /// <returns></returns>
    public static bool HasPermission(string Permission)
    {
        return ((PTIdentity)Csla.ApplicationContext.User.Identity).HasPermission(Permission);
    }

Now we are done with the PTPrincipal and PTIdentity classes. Moving to the object's end, we modify the code as:

    public static bool CanAddObject()
    {
        return PTPrincipal.HasPermission("Add User");
    }

    public static bool CanGetObject()
    {
        return PTPrincipal.HasPermission("View User");
    }

    public static bool CanDeleteObject()
    {
        return PTPrincipal.HasPermission("Delete User");
    }

and so on with all the other custom actions which we want to perform on the object. For passing the permissions we can use a resource file, created so that it matches the result set of permissions returned by spUser_authorise.

That's it, and we are done with a full-fledged RBAC implementation with CSLA. Hope it helps. I request Rocky to give his valuable comments / suggestions on the same.

Thanks
govind

Along with it you need to maintain the role id in the users table if there is a 1:1 relation between roles and users; if there is a many:1 relation between roles and users, then keep a separate userinroles table with the (userid, roleid) combination. For my requirement I went ahead with a 1:1 relation, because now it is RBAC, so no many:1 role relationship is required any more.

The spUser_authorise procedure looks like this:

    create procedure spUser_authorise
        -- Add the parameters for the stored procedure here
        @UserName nvarchar(50),
        @Password nvarchar(128)
    AS
    -- Declare local variables
    Declare @ErrString VARCHAR(1000)
    Declare @iRows INT
    Declare @MyError INT
    Declare @Status int
    DECLARE @iid INT
    BEGIN
        -- first result set: one row when the credentials match
        select username FROM users WHERE username=@UserName and password=@Password

        -- result set of rights
        select distinct permissionid, (objectname + permissionname)
        from rolepermissions
        where roleid in (select roleid from userinroles
                         where userid = (select userid from users where username=@UserName))
    END

I will post the complete working sample with the SQL scripts and the modified PTPrincipal, PTIdentity and objects as is.
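
An added example, not part of the original post and not CSLA code: a stand-alone C# program showing the rights check built so that the string the object code asks for is always formed the same way as the `objectname + permissionname` column returned by spUser_authorise, and so that a failed login ends with no rights. `RightsSet`, `Key`, `Load` and the sample rows are hypothetical names and constructed data.

```csharp
using System;
using System.Collections.Generic;

// Added illustration: RightsSet, Key and Load are hypothetical, not CSLA members.
public sealed class RightsSet
{
    // Keyed by the permission string: O(1) lookup, explicit (ordinal) comparison.
    private readonly HashSet<string> _rights = new HashSet<string>(StringComparer.Ordinal);

    public bool IsAuthenticated { get; private set; }

    // The one place that builds the string form used by the stored procedure
    // (objectname + permissionname), so callers cannot drift from it.
    public static string Key(string objectName, string permissionName)
    {
        return objectName + permissionName;
    }

    // authenticated: whether the first result set returned a user row.
    // rows: the second result set (permissionid, objectname + permissionname).
    public void Load(bool authenticated, IEnumerable<KeyValuePair<int, string>> rows)
    {
        _rights.Clear();                // never keep rights from an earlier login
        IsAuthenticated = authenticated;
        if (!authenticated) return;     // fail closed: no user row, no rights
        foreach (KeyValuePair<int, string> row in rows)
            _rights.Add(row.Value);
    }

    public bool HasPermission(string objectName, string permissionName)
    {
        return IsAuthenticated && _rights.Contains(Key(objectName, permissionName));
    }
}

public static class Demo
{
    public static void Main()
    {
        // Constructed rows standing in for the procedure's second result set.
        var rows = new List<KeyValuePair<int, string>> {
            new KeyValuePair<int, string>(1, "UserAdd"),
            new KeyValuePair<int, string>(2, "UserView")
        };
        var identity = new RightsSet();
        identity.Load(true, rows);
        Console.WriteLine("add: " + identity.HasPermission("User", "Add"));
        Console.WriteLine("delete: " + identity.HasPermission("User", "Delete"));
        identity.Load(false, rows);     // failed login with the same rows on the wire
        Console.WriteLine("add after failed login: " + identity.HasPermission("User", "Add"));
    }
}
```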
Related article:
http://forums.lhotka.net/forums/thread/17224.aspx