activity/task based authorisation

Question

Rhino security seems to offer a nice way to perform task/activity based authorization. This is some example code:

bool isAllowed = authorizationService.IsAllowed(userXYZ, "/Messages/Change");

It checks whether userXYZ can perform activity 'Change' on resource 'Messages'. This is all great but I do not like the way the resource and activity is hard coded. Do you reckon there is a way to overcome this? Thanks!

what do you mean hardcoded? if it's a string...can't you build/retrieve the string from somewhere else? — Bogdan Varlamov, Mar 06 '14 at 02:19
Then you would have to maintain this. I guess one could use reflection ... — cs0815, Mar 06 '14 at 09:31

score -1 · Answer 1 · answered May 29 '13 at 11:31

-1

Why dont use web.configs? Check this nice article http://weblogs.asp.net/gurusarkar/archive/2008/09/29/setting-authorization-rules-for-a-particular-page-or-folder-in-web-config.aspx

answered May 29 '13 at 11:31

Eugene K.

85
1
11

Also you can mix Rhino with appSettings, where you can define paths. Or you can use Rhino with any other file where would be stored settings. – Eugene K. May 29 '13 at 11:34
This is not just for ASP.NET (MVC) pages ... besides this can get messy and I prefer everything to be stored in a proper db. – cs0815 May 29 '13 at 11:35
So why not make similar to article that I've posted? Create some xml file store there your settings (allow to, deny to, paths). read from there and decide allow user to do anything with that or not. – Eugene K. May 29 '13 at 11:41
or this settings in db. where you want. – Eugene K. May 29 '13 at 11:42

activity/task based authorisation

1 Answers1