  1. Advice on structuring access control in database using entity framework
    <p>I am looking for some advice and assistance with an architecture I am attempting to implement. The application I am building provides SSO and central authentication for multiple ASP.NET websites that we use internally. The problem I am facing is that I cannot seem to come up with a way to structure my data in entity framework that makes sense.</p>

    <p>Overview:
    1) An account can be associated with many applications
    2) Roles are specific to each application
    3) Features are specific to each application
    4) It is not shown below but I would like to further break down the associations and make Accounts members of “Directories” and an application can access users within a list of directories associated with the application (does this make sense?)
    A user “Joe” would have permissions like below:</p>

<pre><code>Application 1:
Role  | Feature 1 | Feature 2 | Feature 3
=============================================
Role1 |     x     |           |     x
Role2 |           |     x     |     x
Role3 |     x     |     x     |     x

Application 2:
Role  | Feature 1 | Feature 2 | Feature 3
=============================================
Role1 |           |           |     x
Role2 |           |     x     |
Role3 |     x     |     x     |     x
</code></pre>

    <p>I would access these permissions via an API similar to:</p>

<pre><code>CheckAccountPermission(Role, Feature), IsAccountInRole(Role)
</code></pre>

    <p>Currently, I have been trying the following model:</p>

<pre><code>Application.cs
public int ApplicationId { get; set; }
public Guid ApplicationGuid { get; set; }
public string Name { get; set; }
public string Description { get; set; }
public bool IsEnabled { get; set; }
public DateTime DateCreated { get; set; }
public DateTime? LastModified { get; set; }
public virtual ICollection&lt;Directory&gt; Directories { get; set; }
public virtual ICollection&lt;Feature&gt; Features { get; set; }
public virtual ICollection&lt;AccountPermission&gt; AccountPermissions { get; set; }

Account.cs
public int AccountId { get; set; }
public string Username { get; set; }
public string Password { get; set; }
public string PasswordSalt { get; set; }
public string FirstName { get; set; }
public string MiddleName { get; set; }
public string LastName { get; set; }
public string EmailAddress { get; set; }
public string AvatarUrl { get; set; }
public string AccountNotes { get; set; }
public DateTime? LastLogin { get; set; }
public DateTime DateCreated { get; set; }
public DateTime? LastModified { get; set; }
public DateTime? LastActivity { get; set; }
public bool IsEnabled { get; set; }
//-------------------//
public int DirectoryId { get; set; }
public virtual Directory Directory { get; set; }
public virtual ICollection&lt;Session&gt; Sessions { get; set; }
public virtual ICollection&lt;AccountPermission&gt; AccountPermissions { get; set; }

Directory.cs
public string Name { get; set; }
public string Description { get; set; }
public bool IsEnabled { get; set; }
public virtual ICollection&lt;Account&gt; Accounts { get; set; }
public virtual ICollection&lt;Role&gt; Roles { get; set; }
public virtual ICollection&lt;Application&gt; Applications { get; set; }

Role.cs
public int RoleId { get; set; }
public string Name { get; set; }
public string Description { get; set; }
public int? PrimaryRoleId { get; set; }
public Role PrimaryRole { get; set; }
public DateTime DateCreated { get; set; }
public DateTime? LastModified { get; set; }
public virtual int DirectoryId { get; set; }
public virtual Directory Directory { get; set; }
public virtual ICollection&lt;AccountPermission&gt; AccountPermissions { get; set; }

AccountPermission.cs
[Key, Column(Order = 0)]
public int AccountId { get; set; }
public virtual Account Account { get; set; }
[Key, Column(Order = 1)]
public int RoleId { get; set; }
public virtual Role Role { get; set; }
[Key, Column(Order = 2)]
public int FeatureId { get; set; }
public virtual Feature Feature { get; set; }
[Key, Column(Order = 3)]
public int ApplicationId { get; set; }
public virtual Application Application { get; set; }
</code></pre>

    <p>If I am off base or misguided here, please feel free to point me in the right direction. I really want to get this right. Any clarifying information I can provide, please let me know! Thanks everyone!</p>
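
The permission matrix and the two calls from the question, as an added example that is not part of the original post. It scopes every lookup by application and denies by default; `PermissionStore`, `Grant`, `AddToRole`, the extra `account` and `app` parameters, and Joe's role assignments are assumptions made for illustration.

```csharp
using System;
using System.Collections.Generic;

// Added example; every name except CheckAccountPermission and
// IsAccountInRole is hypothetical and does not come from the post.
public sealed class PermissionStore
{
    // (application, role) -> features that role grants in that application
    private readonly Dictionary<(string App, string Role), HashSet<string>> _grants = new();
    // (account, application) -> roles the account holds in that application
    private readonly Dictionary<(string Account, string App), HashSet<string>> _roles = new();

    public void Grant(string app, string role, params string[] features)
    {
        if (!_grants.TryGetValue((app, role), out var set))
            _grants[(app, role)] = set = new HashSet<string>();
        set.UnionWith(features);
    }

    public void AddToRole(string account, string app, string role)
    {
        if (!_roles.TryGetValue((account, app), out var set))
            _roles[(account, app)] = set = new HashSet<string>();
        set.Add(role);
    }

    public bool IsAccountInRole(string account, string app, string role) =>
        _roles.TryGetValue((account, app), out var roles) && roles.Contains(role);

    // Deny by default: a missing membership or a missing grant both yield false,
    // and a role held in one application never satisfies a check in another.
    public bool CheckAccountPermission(string account, string app, string role, string feature) =>
        IsAccountInRole(account, app, role)
        && _grants.TryGetValue((app, role), out var features)
        && features.Contains(feature);
}

public static class Program
{
    public static void Main()
    {
        var store = new PermissionStore();
        store.Grant("Application 1", "Role1", "Feature 1", "Feature 3"); // rows from the post's matrix
        store.Grant("Application 2", "Role1", "Feature 3");
        store.AddToRole("Joe", "Application 1", "Role1");                // constructed assignment
        Console.WriteLine(store.CheckAccountPermission("Joe", "Application 1", "Role1", "Feature 1"));
        Console.WriteLine(store.CheckAccountPermission("Joe", "Application 1", "Role1", "Feature 2"));
        Console.WriteLine(store.CheckAccountPermission("Joe", "Application 2", "Role1", "Feature 3"));
    }
}
```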