Extending RoleProvider

Apr 23, 2009 at 5:32 PM
Edited Apr 23, 2009 at 5:38 PM

Hi,

I wanted to use the provided NetSqlAzManRoleProvider to write declarative security code like the following:

[PrincipalPermission(SecurityAction.Demand, Role="op_MyMethod")]

public void MyMethod() {

...

 }

But then I realized that it would only work with Roles, not with Tasks or Operations, which can be very useful if you need to change the role definitions or add a new role that can perform some operations or tasks, without touching the written code.
So I came up with the following extension: I basically override GetRolesForUser and IsUserInRole to remove the part that tests whether the item is a role.


Here is the complete code of the extension; the web.config entry is as follows:

<roleManager  defaultProvider="MyRoleProvider"

                  enabled="true"

                  cacheRolesInCookie="false"

                  cookieName=".ASPROLES"

                  cookieTimeout="30"

                  cookiePath="/"

                  cookieRequireSSL="false"

                  cookieSlidingExpiration="true"

                  cookieProtection="All" >

      <providers>

        <clear/>

        <add

          name="MyRoleProvider"

          type="Vizelia.FOL.Security.FOLRoleProvider, Vizelia.FOL.Security"

          connectionStringName="NetSqlAzMan"

          storeName="Vizelia"

          applicationName="FacilityOnLine"

          userLookupType="DB"

          defaultDomain=""

          />

      </providers>

    </roleManager> 

 using System;

using System.Collections.Generic;

using System.Linq;

using System.Text;

using NetSqlAzMan.Providers;

using NetSqlAzMan.Interfaces;

using System.Security.Principal;

using System.Web;

using NetSqlAzMan;

 

namespace Vizelia.FOL.Security {

 

      internal sealed class FOLSqlAzManDBUser : IAzManDBUser {

            // Fields

            private IAzManSid customSid;

            private string userName;

 

            // Methods

            internal FOLSqlAzManDBUser(IAzManSid customSid, string userName) {

                  this.customSid = customSid;

                  this.userName = userName;

            }

 

            // Properties

            public IAzManSid CustomSid {

                  get {

                        return this.customSid;

                  }

            }

 

            public string UserName {

                  get {

                        return this.userName;

                  }

            }

      }

 

      public class MyRoleProvider : NetSqlAzManRoleProvider {

            public override string Name {

                  get {

                        return "MyRoleProvider";

                  }

            }

 

            public override string Description {

                  get {

                        return "MyRoleProvider";

                  }

            }

 

            public override string[] GetRolesForUser(string username) {

                  IAzManItem[] items = this.Application.GetItems();

                  List<string> list = new List<string>();

                  IAzManDBUser dBUser = this.Application.GetDBUser(username);

                  if (dBUser == null) {

                        throw new Exception(string.Format("DBUser '{0}' not found.", username));

                  }

                  IAzManSid customSid = dBUser.CustomSid;

                  foreach (IAzManItem item2 in items) {

                        switch (item2.CheckAccess(new FOLSqlAzManDBUser(customSid, username), DateTime.Now, new KeyValuePair<string, object>[0])) {

                             case AuthorizationType.Allow:

                             case AuthorizationType.AllowWithDelegation:

                                   list.Add(item2.Name);

                                   break;

                        }

                  }

                  return list.ToArray();

            }

 

            public override bool IsUserInRole(string username, string roleName) {

                  IAzManItem item = this.Application[roleName];

                  IAzManDBUser dBUser = this.Application.GetDBUser(username);

                  AuthorizationType type2 = item.CheckAccess(dBUser, DateTime.Now, new KeyValuePair<string, object>[0]);

                  if (type2 != AuthorizationType.Allow) {

                        return (type2 == AuthorizationType.AllowWithDelegation);

                  }

                  return true;

            }

 

 

      }

}

 

 

 

 

 

Coordinator
Apr 23, 2009 at 7:00 PM
Nice customization.
Great work !