StackOverflow2013

Note that there are some explanatory texts on larger screens.

plurals

PO
primarykey
Id
1250978
data
AcceptedAnswerId
0
AnswerCount
0
ClosedDate
CommentCount
0
CommunityOwnedDate
CreationDate
2009-08-09T08:54:36.893
FavoriteCount
0
LastActivityDate
2009-08-12T08:48:26.680
LastEditDate
2009-08-12T08:48:26.680
LastEditorUserId
23354
OwnerUserId
23354
ParentId
1222974
PostTypeId
2
Score
31
ViewCount
0
LastEditorDisplayName
text
Body
For coarse-grained security, you might find the inbuilt principal code useful; the user object (and their roles) are controlled in .NET by the "principal", but usefully the runtime itself can enforce this. The implementation of a principal can be implementation-defined, and you can usually inject your own; <a href="http://www.leastprivilege.com/CustomPrincipalsAndWCF.aspx" rel="noreferrer">for example in WCF</a>. To see the runtime enforcing coarse access (i.e. which functionality can be accessed, but not limited to which specific data): <pre><code>static class Roles { public const string Administrator = "ADMIN"; } static class Program { static void Main() { Thread.CurrentPrincipal = new GenericPrincipal( new GenericIdentity("Fred"), new string[] { Roles.Administrator }); DeleteDatabase(); // fine Thread.CurrentPrincipal = new GenericPrincipal( new GenericIdentity("Barney"), new string[] { }); DeleteDatabase(); // boom } [PrincipalPermission(SecurityAction.Demand, Role = Roles.Administrator)] public static void DeleteDatabase() { Console.WriteLine( Thread.CurrentPrincipal.Identity.Name + " has deleted the database..."); } } </code></pre> However, this doesn't help with the fine-grained access (i.e. "Fred can access customer A but not customer B"). <hr> Additional; Of course, for fine-grained, you can simply check the required roles at runtime, by checking <code>IsInRole</code> on the principal: <pre><code>static void EnforceRole(string role) { if (string.IsNullOrEmpty(role)) { return; } // assume anon OK IPrincipal principal = Thread.CurrentPrincipal; if (principal == null || !principal.IsInRole(role)) { throw new SecurityException("Access denied to role: " + role); } } public static User GetUser(string id) { User user = Repository.GetUser(id); EnforceRole(user.AccessRole); return user; } </code></pre> You can also write your own principal / identity objects that do lazy tests / caching of the roles, rather than having to know them all up-front: <pre><code>class CustomPrincipal : IPrincipal, IIdentity { private string cn; public CustomPrincipal(string cn) { if (string.IsNullOrEmpty(cn)) throw new ArgumentNullException("cn"); this.cn = cn; } // perhaps not ideal, but serves as an example readonly Dictionary<string, bool> roleCache = new Dictionary<string, bool>(); public override string ToString() { return cn; } bool IIdentity.IsAuthenticated { get { return true; } } string IIdentity.AuthenticationType { get { return "iris scan"; } } string IIdentity.Name { get { return cn; } } IIdentity IPrincipal.Identity { get { return this; } } bool IPrincipal.IsInRole(string role) { if (string.IsNullOrEmpty(role)) return true; // assume anon OK lock (roleCache) { bool value; if (!roleCache.TryGetValue(role, out value)) { value = RoleHasAccess(cn, role); roleCache.Add(role, value); } return value; } } private static bool RoleHasAccess(string cn, string role) { //TODO: talk to your own security store } } </code></pre>
Tags
Title
singulars
PostAcceptedAnswerId
1. This table or related slice is empty.
PostParentId
1. POAuthentication, Authorization, User and Role Managment and general Security in .NET
 singulars
 PostTypePostTypeId
 PTQuestion
PostTypePostTypeId
1. PTAnswer
UserLastEditorUserId
1. USMarc Gravell
UserOwnerUserId
1. USMarc Gravell
plurals
PostLinksPostIdRelatedPostId
1. This table or related slice is empty.
PostLinksRelatedPostIdPostId
1. This table or related slice is empty.
PostsAcceptedAnswerId
1. POAuthentication, Authorization, User and Role Managment and general Security in .NET
 singulars
 PostTypePostTypeId
 PTQuestion
PostsParentIdCreationDate
1. This table or related slice is empty.
VotesPostIdCreationDate
1. VO
 singulars
 PostPostId
 PO
 UserUserId
 This table or related slice is empty.
 VoteTypeVoteTypeId
 VTUpMod
2. VO
 singulars
 PostPostId
 PO
 UserUserId
 This table or related slice is empty.
 VoteTypeVoteTypeId
 VTUpMod
3. VO
 singulars
 PostPostId
 PO
 UserUserId
 This table or related slice is empty.
 VoteTypeVoteTypeId
 VTUpMod
CommentsPostId
1. This table or related slice is empty.

Querying!

Guidance

A row detail

Detail views are divided into sections. All the information in the data section comes from columns in the selected row. The other sections display data from other, related rows.

Related data can be related in a to-one or a to-many fashion. Captions of data related in a to-many fashion link to a list view showing a filtered view of the table.

Try moving around until you find a non-empty to-many entry and click on the label to get to one. You can move back to the root by clicking on the database name in the header.