Winforms role based security limitations

Posted by muhan on Stack Overflow See other posts from Stack Overflow or by muhan
Published on 2010-04-11T07:51:15Z Indexed on 2010/04/11 7:53 UTC
Read the original article Hit count: 785

Filed under:

c#

|

roleprovider

|

winforms

I'm implementing role based security using Microsoft's membership and role provider.

The theoretical problem I'm having is that you implement a specific role on a method such as:

[PrincipalPermissionAttribute(SecurityAction.Demand, Role="Supervisor")]
private void someMethod() {}

What if at some point down the road, I don't want Supervisors to access someMethod() anymore?

Wouldn't I have to change the source code to make that change? Am I missing something?

It seems there has to be some way to abstract the relationship between the supervisors role and the method so I can create a way in the application to change this coupling of role permission to method.

Any insight or direction would be appreciated. Thank you.

© Stack Overflow or respective owner

Related posts about c#

.NET WebRequest.PreAuthenticate not quite what it sounds like

as seen on West-Wind - Search for 'West-Wind'
I’ve run into the problem a few times now: How to pre-authenticate .NET WebRequest calls doing an HTTP call to the server – essentially send authentication credentials on the very first request instead of waiting for a server challenge first? At first glance this sound like it should be easy:… >>> More
HttpWebRequest and Ignoring SSL Certificate Errors

as seen on West-Wind - Search for 'West-Wind'
Man I can't believe this. I'm still mucking around with OFX servers and it drives me absolutely crazy how some these servers are just so unbelievably misconfigured. I've recently hit three different 3 major brokerages which fail HTTP validation with bad or corrupt certificates at least according to… >>> More
Dynamic Type to do away with Reflection

as seen on West-Wind - Search for 'West-Wind'
The dynamic type in C# 4.0 is a welcome addition to the language. One thing I’ve been doing a lot with it is to remove explicit Reflection code that’s often necessary when you ‘dynamically’ need to walk and object hierarchy. In the past I’ve had a number of ReflectionUtils that used string based expressions… >>> More
The dynamic Type in C# Simplifies COM Member Access from Visual FoxPro

as seen on West-Wind - Search for 'West-Wind'
I’ve written quite a bit about Visual FoxPro interoperating with .NET in the past both for ASP.NET interacting with Visual FoxPro COM objects as well as Visual FoxPro calling into .NET code via COM Interop. COM Interop with Visual FoxPro has a number of problems but one of them at least got a lot… >>> More
Finding a Relative Path in .NET

as seen on West-Wind - Search for 'West-Wind'
Here’s a nice and simple path utility that I’ve needed in a number of applications: I need to find a relative path based on a base path. So if I’m working in a folder called c:\temp\templates\ and I want to find a relative path for c:\temp\templates\subdir\test.txt I want to receive back subdir\test… >>> More

Related posts about roleprovider

Extending the RoleProvider GetRolesForUser()

as seen on Stack Overflow - Search for 'Stack Overflow'
The GetRolesForUser() method in the RoleProvider takes the user login name and returns the list of roles for that user. But in my application this is not enough, I need a few more pieces of information to be able to get the user's roles. How can I get this extra information into the method? I have… >>> More
Custom RoleProvider: Can't insert record in UsersInRole Table

as seen on Stack Overflow - Search for 'Stack Overflow'
Hi, I have implemented a LINQ to SQL based RoleProvider, when I assign role to a user following exception is thrown while AddUsersToRoles method is called. I have defined a composite primary key userid & roleId on this table, it still throwing this exception: Can't perform Create, Update or… >>> More
Custom RoleProvider with MVC 2.0 webconfig

as seen on Stack Overflow - Search for 'Stack Overflow'
I have a custom MembershipProvider and a custom RoleProvider. I created the custom MembershipProvider by creating a SimpleMembershipProvider class which implements the MembershipProvider class. After that I changed my web.config and works. So I used the same approach creating a custom RoleProvider… >>> More
Can I create a custom roleprovider through a WCF service?

as seen on Stack Overflow - Search for 'Stack Overflow'
I have a web application that accesses a database through a wcf service. The idea is to abstract the data from the web application using the wcf service. All that works fine but I am also using the built in roleprovider using the SqlRoleManager which does access the aspnetdb database directly. … >>> More
Ninject with MembershipProvider | RoleProvider

as seen on Stack Overflow - Search for 'Stack Overflow'
I'm using ninject as my IoC and I wrote a role provider as follows: public class BasicRoleProvider : RoleProvider { private IAuthenticationService authenticationService; public BasicRoleProvider(IAuthenticationService authenticationService) { if (authenticationService == null)… >>> More