Friday, August 15, 2003

Role Access Security in .NET Google Search It First of all let me say I am very disappointed with the Role Access Security in .NET.  I am probably missing something but it appears Microsoft entirely missed my requirements on this one.  With Role Access security you essentially hard wire what roles are in your application (Administrators, OfficeWorkers, FieldWorkers, etc) and then check whether the current user is in one of these roles before granting them access.  My requirements force me to allow new roles to be defined by my users and that operations be assigned to each role indicating whether a user assigned to that role is allowed to perform the operation.  Role based security enables us to ask whether the current user (Principal) is in a particular role.  The question that I believe is much more prevalent is can the current Principal perform a particular operation.  Trying to morph Microsoft's model to a finer grained model involving operations is a significant challenge without simply writing everything from scratch. None of the following papers address my concerns but they provide an introduction as to what is available in Role Access Security: .NET Security Role Access Security by Jason Bock, Pete Stromquist, Tom Fischer, and Nathan Smith Unify the Role-Based Security Models for Enterprise and Application Domains with .NET by Juval Lowy Distributed Security Practices by Juval Lowy Secure Your .NET Apps Sample Chapter from Visual Basic .NET Code Security Handbook Chapter 8 of Building Secure Microsoft® ASP.NET Applications Implementing .NET Role-Based security withouth COM+ by Peter Bromberg 2:07:18 PM   []    comment []

Changing the MSCorlib Model in Rational XDE Google Search It While diagramming some of the System.Security.Principal related classes in Rational XDE yesterday I encountered a problem.  Although IPrincipal had an Identity property of type IIdentity there was no association between the two classes in the model.  Furthermore, any attempt to change the model produced and error indicating that the model was read only.  hmm..... After talking with Rational support I received instructions for how to change the models so that they are not read only.  Below are the steps: Close VS.NET. Open C:Program FilesRationalXDEAddinsvs7rtevsnetModelsv1.1mscorlib.mdx in an XML editor. Locate the line that starts with "<RMS:MODEL xmlns:RMS=..." (which should be like the 3rd line from the top). On this line, locate frozen="true" and change it to frozen="false" Save the file and close it. Open up VS.NET again and the mscorlib designs should now be modifiable. 10:00:57 AM   []    comment []

© Copyright 2004 Mark Michaelis.