Access Control List (ACL) abstraction layer in .net

Submitted by 雨燕双飞 on 2019-12-03 13:23:09

Question


Is there an ACL abstraction layer available in .net? I have seen some "best practices" documents but no good base implementation. What about the System.Security.AccessControl? Is this a good starting point?

The ACLs should work with Roles stored in DB as well as Roles by the system and for in-memory-object definitions as well as db objects or files. So it should be generic and/or easy to extend.

Should this rely on IPrincipal, IIdentity from the .net framework?

Zend has something similar in their Framework for PHP and I am searching this kind of stuff for C# instead of porting that (if there is already a standard solution or best practice implementation).

@ladislav:

It is not intended to be used only in web services, fat clients or standalone apps. Because of this I am searching an abstraction layer that can be extended by adapters for a specific backend/platform. You're right, that I am searching something like a role based access management abstraction layer for different kinds of objects and right definitions. This should not rely on the ACLs you set for folders in filesystems. A filesystem should be a special adapter used by the ACLs implementation. For me, ACL itself is a concept and has nothing to do with filesystems. Filesystems USE an implementation of the concept of ACL (even if it's mostly known in this field). The hard dependency on Win32-api is not wanted. This is why I am asking for something generic and abstract (interface) that is commonly (and widely) used. Do you know the implementation in the zend framework (I know it is PHP but the concept works for any app, not only web based)? It is abstracted and could be used for any object in the code.


Answer 1:


An example abstraction is the library nAcl - .NET Access Control List

... "helps you handle scenarios for a matrix of rights easily. It can also be easily extended through a Provider" ...

Features:

  • Handles the rights of an application for you
  • Handles a hierarchy of rights
  • Rights are calculated in one place but can be potentially retrieved from anywhere thanks to the provider mechanism (seems to be a relevant feature to add several sources)
  • In memory provider for static rights
  • Router provider to handle routes and associating providers to a route
  • Sql provider to handle rights in Db

... but I haven't seen the usage of IPrincipal within the Interface.



Source: https://stackoverflow.com/questions/6864438/access-control-list-acl-abstraction-layer-in-net
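The shape of abstraction discussed in this thread (a backend-agnostic rule provider, a hierarchy of rights, and role checks through `IPrincipal`) can be sketched as below. This is an added example, not code from the question, the answer, or nAcl; every type and member name is hypothetical, and it assumes .NET 6 or later for top-level statements and `new()`.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Principal;
// Constructed demo data; every type and member name below is hypothetical (not nAcl's API).
var rules = new InMemoryAclProvider().Set("editor", "docs", "read", Decision.Allow)
                                     .Set("editor", "docs/hr", "read", Decision.Deny);
var acl = new Acl(rules, "editor");
var alice = new GenericPrincipal(new GenericIdentity("alice"), new[] { "editor" });
foreach (var r in new[] { "docs/specs/a", "docs/hr/pay", "src/app" })
    Console.WriteLine(r + " -> " + acl.IsAllowed(alice, r, "read"));

public enum Decision { NotSet, Allow, Deny }
// Adapter contract: one implementation per backend (memory, SQL, file system).
public interface IAclProvider { Decision Lookup(string role, string resource, string right); }

public sealed class InMemoryAclProvider : IAclProvider
{
    private readonly Dictionary<(string, string, string), Decision> _rules = new();
    public InMemoryAclProvider Set(string role, string resource, string right, Decision d)
    { _rules[(role, resource, right)] = d; return this; }
    public Decision Lookup(string role, string resource, string right) =>
        _rules.TryGetValue((role, resource, right), out var d) ? d : Decision.NotSet;
}

public sealed class Acl
{
    private readonly IAclProvider _provider;
    private readonly string[] _roles;
    public Acl(IAclProvider provider, params string[] roles) { _provider = provider; _roles = roles; }
    // Walks "docs/hr/pay" -> "docs/hr" -> "docs": the nearest rule wins, Deny beats
    // Allow at the same level, and a resource with no rule anywhere is denied.
    public bool IsAllowed(IPrincipal user, string resource, string right)
    {
        for (string? node = resource; node != null; node = Parent(node))
        {
            bool allowed = false;
            foreach (string role in _roles)
            {
                if (!user.IsInRole(role)) continue;   // role membership comes from the platform
                Decision d = _provider.Lookup(role, node, right);
                if (d == Decision.Deny) return false;
                allowed |= d == Decision.Allow;
            }
            if (allowed) return true;
        }
        return false;
    }
    private static string? Parent(string n) => n.Contains('/') ? n[..n.LastIndexOf('/')] : null;
}
```

Because the evaluator only sees `IPrincipal` and `IAclProvider`, a SQL-backed or file-system-backed provider can replace the in-memory one without touching the decision logic, and the deny-by-default fallthrough stays in one place.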
