Filter authorizations per application ID

Feb 24, 2010 at 12:48 AM

Hi

Can you tell me the best way to do the following:

I have a role "Coordinator" that is associated with a task "ModifyBlah", for this task i would like to set specific authorizations which are based on some application business logic such as an ID. There may be a number of authorizations set per application ID. In the application i would like to check access to the task "ModifyBlah" only for a specific application ID.

I have tried to set an attribute for the authorizations for the application ID, hoping i could filter by that ID when checking for access but i cant figure out how to!!

 

Any help would be appreciated

 

Thanks

Neil

 

Feb 24, 2010 at 8:25 AM

Hi,

if you have a lot of Application ID … you can define a Business Rule on the task “ModifyBlah” like following:

using System;

using System.Security.Principal;

using System.IO;

using System.Data;

using System.Collections;

using System.Collections.Specialized;

using System.Collections.Generic;

using System.Text;

using NetSqlAzMan;

using NetSqlAzMan.Interfaces;

namespace DB_Persone.BizRules

{

    public sealed class BizRule : IAzManBizRule

    {

        public BizRule()

        { }

        public bool Execute(Hashtable contextParameters, IAzManSid identity, IAzManItem ownerItem, ref AuthorizationType authorizationType)

        {

            //Insert your code here

           int applicationId = (Int32)contextParameters[“applicationId”].Value;

            switch (applicationId)

{

                               case 1:  … do something; authorizationType = AuthorizationType.Allow;break;

                               case 1:  … do something; authorizationType = AuthorizationType.Allow;break;

                               …

                               case n:  … do something; authorizationType = AuthorizationType.Deny;break;

}

            return true; //true means “consider Biz Rule result” … otherwise “do not consider biz rule result”

        }

    }

}

At run-time …. when you invoke checkaccess … remember to pass a contextParameter named “applicationId” and its value.

Regards,

Andrea.

__________________________________
Andrea Ferendeles
NetSqlAzMan Project Coordinator  
E-mail aferende@hotmail.com Web http://netsqlazman.codeplex.com

Mar 1, 2010 at 4:16 AM
Hi Aferende

I still dont think this will do the job, as i only want the access check performed for a specific Application ID, i.e. how do i ensure when setting authorizations for a certain Task which may have validFrom validTo set that it applies to a specific Application ID?

Many thanks

Neil

On 24 February 2010 21:26, aferende <notifications@codeplex.com> wrote:

From: aferende

Hi,

if you have a lot of Application ID … you can define a Business Rule on the task “ModifyBlah” like following:

using System;

using System.Security.Principal;

using System.IO;

using System.Data;

using System.Collections;

using System.Collections.Specialized;

using System.Collections.Generic;

using System.Text;

using NetSqlAzMan;

using NetSqlAzMan.Interfaces;

namespace DB_Persone.BizRules

{

    public sealed class BizRule : IAzManBizRule

    {

        public BizRule()

        { }

        public bool Execute(Hashtable contextParameters, IAzManSid identity, IAzManItem ownerItem, ref AuthorizationType authorizationType)

        {

            //Insert your code here

           int applicationId = (Int32)contextParameters[“applicationId”].Value;

            switch (applicationId)

{

                               case 1:  … do something; authorizationType = AuthorizationType.Allow;break;

                               case 1:  … do something; authorizationType = AuthorizationType.Allow;break;

                               …

                               case n:  … do something; authorizationType = AuthorizationType.Deny;break;

}

            return true; //true means “consider Biz Rule result” … otherwise “do not consider biz rule result”

        }

    }

}

At run-time …. when you invoke checkaccess … remember to pass a contextParameter named “applicationId” and its value.

Regards,

Andrea.

__________________________________
Andrea Ferendeles
NetSqlAzMan Project Coordinator  
E-mail aferende@hotmail.com Web http://netsqlazman.codeplex.com

Read the full discussion online.

To add a post to this discussion, reply to this email (netsqlazman@discussions.codeplex.com)

To start a new discussion for this project, email netsqlazman@discussions.codeplex.com

You are receiving this email because you subscribed to this discussion on CodePlex. You can unsubscribe on CodePlex.com.

Please note: Images and attachments will be removed from emails. Any posts to this discussion will also be available online at CodePlex.com




--
Neil Kirby
Mob:0211259860
Mar 1, 2010 at 6:41 AM

Hi,

For each user you can add more than one authorization.

Add one for a specified Application ID, ValidFrom and ValidTo and add a key/value pair attribute Application ID.

Regards,

Andrea.

__________________________________
Andrea Ferendeles
NetSqlAzMan Project Coordinator  
E-mail aferende@hotmail.com Web http://netsqlazman.codeplex.com



Feb 6, 2012 at 9:17 PM

Hi guys,

I have an issue related with this topic.

I created the BizRule related to an operation, so simple:

using System;
using System.Security.Principal;
using System.IO;
using System.Data;
using System.Collections;
using System.Collections.Specialized;
using System.Collections.Generic;
using System.Text;
using NetSqlAzMan;
using NetSqlAzMan.Interfaces;

namespace Application_Demo.BizRules
{    
         public sealed class BizRule : IAzManBizRule    
         {        public BizRule()        { }

                  public bool Execute(Hashtable contextParameters, IAzManSid identity, IAzManItem ownerItem, ref AuthorizationType authorizationType)        
                  {                
                            return false;         
                  }    
          }
}

As you can see, every time this "checkAccess" method should return a "false".

By the way, I assigned this operation to the Role. But every time returns "true";

Did I forget anything?

Thanks!

Feb 7, 2012 at 8:18 AM

Hi,

You're confusing parameters.

the result of the function says if the result should be considered as valid for final authorization or not (true/false).

The you can steer instead resulted permission using the ref AuthorizationType authorizationType parameter.

Example:

AuthorizationType authorizationType = AuthorizationType.Allow; //resulted permission

return true; // result must be considered as valid

Regards,

Andrea.

__________________________________
Andrea Ferendeles
NetSqlAzMan Project Coordinator
E-mail aferende@hotmail.com Web http://netsqlazman.codeplex.com

Feb 7, 2012 at 2:00 PM
Hi Andrea,

Thanks for your quick response.

How can I use the ref AuthorizationType authorizationType parameter when the CheckAccessHelper's methods does not have this parameter on any methods? I think you are refering the "Execute" method, but I cant access to this one?

Thanks for your time and I'm sorry for bugging you.

Saludos,

___________________________________________________________________________________

Matías Emanuel Toro

Manager & Founder

matias.toro@iblum.com.ar| Mobile +54 9 341 15.363.2325

www.iblum.com.ar

MCP ID: 3817041





From: [email removed]
To: [email removed]
Date: Tue, 7 Feb 2012 00:18:21 -0800
Subject: Re: Filter authorizations per application ID [netsqlazman:155579]

From: aferende
Hi,
You're confusing parameters.
the result of the function says if the result should be considered as valid for final authorization or not (true/false).
The you can steer instead resulted permission using the ref AuthorizationType authorizationType parameter.

Example:
AuthorizationType authorizationType = AuthorizationType.Allow; //resulted permission
return true; // result must be considered as valid

Regards,
Andrea.


__________________________________
Andrea Ferendeles
NetSqlAzMan Project Coordinator
E-mail aferende@hotmail.com Web http://netsqlazman.codeplex.com


Read the full discussion online.
To add a post to this discussion, reply to this email (netsqlazman@discussions.codeplex.com)
To start a new discussion for this project, email netsqlazman@discussions.codeplex.com
You are receiving this email because you subscribed to this discussion on CodePlex. You can unsubscribe on CodePlex.com.
Please note: Images and attachments will be removed from emails. Any posts to this discussion will also be available online at CodePlex.com
Feb 7, 2012 at 2:40 PM

Sorry but you asked a question on the Execute method of a Biz Rule.

Now I'm lost ...

What do you want to know ? On What ?

J

__________________________________
Andrea Ferendeles
NetSqlAzMan Project Coordinator
E-mail aferende@hotmail.com Web http://netsqlazman.codeplex.com

Feb 7, 2012 at 2:49 PM

I'm confused as well.

namespace Application_Demo.BizRules
{    
         public sealed class BizRule : IAzManBizRule    
         {        public BizRule()        { }

                  public bool Execute(Hashtable contextParameters, IAzManSid identity, IAzManItem ownerItem, ref AuthorizationType authorizationType)        
                  {                
                            return false;         
                  }    
          }
}

=======================

But since we're talking about it.

Andrea.  Can I asked what the design decision was to have that as an out parameter, instead of the return object of the method itself?

(I'm not criticizing, I'm just trying to understand since we're jumping in full force with the library).

Thanks.............

 

Feb 7, 2012 at 9:06 PM

This choice is dictated by the fact that you might have a hierarchy of BizRule, resulting from a hierarchy of Items, and now, every time you invoked a bizrule, you may have the need to "turn off" or "turn on" bizrule based on runtime values ​​(result of the Execute function).

If the result is true ... the result will be used to compute final permission … otherwise not.

Only in the case of “return true”, will also make sense to say which is the permission resulted by bizrule (ref AuthorizationType parameter).

Regards,

Andrea.

__________________________________
Andrea Ferendeles
NetSqlAzMan Project Coordinator
E-mail aferende@hotmail.com Web http://netsqlazman.codeplex.com