Authentication, Authorization, User and Role Management and general Security in .NET

星月不相逢 2021-01-29 23:20

I need to know how to go about implementing general security for a C# application. What options do I have in this regard? I would prefer to use an existing framework if it meets

7 answers
  •  北恋 (original poster)
    2021-01-29 23:43

    I would use the term - 'RBAC' (Role based Access Control system) as the Solution to all your requirements.

    I would not go into much detail explaining 'RBAC' here; rather, I would briefly describe it as:

    It basically contains 3 features.

    1) Authentication - It confirms the user's identity. Usually it is done via user accounts and passwords or credentials.

    2) Authorization - It defines what a user can do and cannot do in an application. Ex. ‘Modifying order’ is allowed but ‘creating new order’ is not allowed.

    3) Auditing of user actions on applications - It keeps track of users' actions on applications, as well as who has granted which access to which users.

    You can check RBAC on the wiki here.

    https://en.wikipedia.org/wiki/Role-based_access_control

    Now, regarding the answer to your requirements - one of the possible solutions is to extend ASP.NET membership as per your needs.

    And regarding some ready-to-use framework, I would recommend VisualGuard, for which I work. You should check this. It does all the things you need very easily, and, most importantly, it manages all your users, roles, permissions, and applications via a Central Administration Console. For defining permissions, administrators do not require a developer's knowledge, i.e. he/she can create restrictions on activities via the UI.

    You can also check this article to get more understanding of permission and role based systems.

    http://www.visual-guard.com/EN/net-powerbuilder-application-security-authentication-permission-access-control-rbac-articles/dotnet-security-article-ressources/role-based-access-control-source_soforum.html
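
The three RBAC features described in the answer above, as an added C# sketch that is not part of the original answer and does not use VisualGuard or ASP.NET membership. It relies only on `System.Security.Claims`; the `Rbac` class, the role names and the permission strings are hypothetical, and the in-memory audit list stands in for durable storage.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Claims;

// All names here (Rbac, OrderClerk, "order.modify", ...) are hypothetical.
public static class Rbac
{
    // Authorization data: role -> permissions. Anything not listed is denied.
    static readonly Dictionary<string, HashSet<string>> RolePermissions = new()
    {
        ["OrderClerk"] = new() { "order.modify" },
        ["OrderManager"] = new() { "order.modify", "order.create" },
    };
    // Auditing: record of role grants and access decisions (kept in memory here).
    public static readonly List<string> AuditLog = new();

    // Authentication: stands in for a real credential check, which must happen before this.
    public static ClaimsPrincipal SignIn(string user) =>
        new(new ClaimsIdentity(new[] { new Claim(ClaimTypes.Name, user) }, "Password"));

    // Records who granted which role to whom; a real system would also authorize the granter.
    public static void GrantRole(ClaimsPrincipal granter, ClaimsPrincipal target, string role)
    {
        if (!RolePermissions.ContainsKey(role)) throw new ArgumentException("Unknown role: " + role);
        if (target.Identity is not ClaimsIdentity id) throw new ArgumentException("No identity");
        id.AddClaim(new Claim(ClaimTypes.Role, role));
        AuditLog.Add($"{DateTime.UtcNow:o} GRANT role={role} to={id.Name} by={granter.Identity?.Name}");
    }

    public static bool IsAllowed(ClaimsPrincipal user, string permission)
    {
        bool allowed = false;
        if (user.Identity?.IsAuthenticated == true) // unauthenticated callers are always denied
            foreach (var (role, perms) in RolePermissions)
                if (user.IsInRole(role) && perms.Contains(permission)) { allowed = true; break; }
        string who = user.Identity?.Name ?? "anonymous";
        AuditLog.Add($"{DateTime.UtcNow:o} {(allowed ? "ALLOW" : "DENY")} user={who} perm={permission}");
        return allowed;
    }
}
public static class Program
{
    public static void Main()
    {
        var alice = Rbac.SignIn("alice");
        Rbac.GrantRole(Rbac.SignIn("admin"), alice, "OrderClerk");
        Rbac.IsAllowed(alice, "order.modify");  // clerk modifying an order
        Rbac.IsAllowed(alice, "order.create");  // clerk creating a new order
        Rbac.IsAllowed(new ClaimsPrincipal(new ClaimsIdentity()), "order.modify"); // not signed in
        Rbac.AuditLog.ForEach(Console.WriteLine);
    }
}
```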
