5
There are other standards for user authorization/permission other than the Role-based access control standard implemented by Microsoft for technologies. NET?
2 answers
3
By Microsoft, there are basically 3 ways to design standard for permissions:
- Por Roles;
- Por Claims;
- By some other standard implemented by the user (http://msdn.microsoft.com/en-us/library/ms729794.aspx)
The most widespread pattern is the Role-Based, precisely because until the emergence of ASP.NET Identity the standard using up to MVC4 was the Membership and its variants (Simple Membership, Extended Membership, and so on).
The pattern Claims-Based emerged with ASP.NET Identity, in which the whole authentication structure was rethought, fragmenting to the maximum the identity of the user. A Claim (reinivindication, in free translation), it is a fraction of the user’s identity that contains an encrypted identification and access key. Through this, this permission fragment gives the user the right to claim access to a certain part of the system.
There is also this post very interesting which largely discusses the problems of the pattern Role-Based, and suggests an implementation Activity-Based, that would be a simplified variation of the standard Claims-Based.
1
That depends on the technology you’re using. If you are using MVC, I would recommend that you customize a class and specify roles, for example the Authorizeattribute(System.Web.Mvc).
This link explains right and has some examples:
Browser other questions tagged c# .net security-guard
You are not signed in. Login or sign up in order to post.