0

It it possible to use claims based permissions to secure EF fields using post sharp. We have a multi-tenanted app that we are moving to claims and also have issues of who can read/write to what fields. I saw this but it seems role based http://www.postsharp.net/aspects/examples/security.

As far as I can see it would just be a case of rewriting the ISecurable part.

We were hoping to be able to decorate a field with a permission and silently ignore any write to if if the user did not have permission. We were also hopping that if they read it we could swap in another value e.g. Read salary and get back 0 if you don't have a claim ReadSalary.

Are these standard sort of things to do I've never done any serious AOP. So just wanted a quick confirmation before I mention this as an option.

GraemeMiller
  • 11,973
  • 8
  • 57
  • 111

1 Answers1

1

Yes, it is possible to use PostSharp in this case and it should be pretty easy to convert given example from RBAC to claims based.

One thing that has to be considered is performance. When decorated fields are accessed frequently during processing an use-case (e.g. are read inside a loop) then a lot of time is wasted in redundant security checks. Decorating a method that represent an end-user's use-case would be more appropriate.

I would be afraid to silently swapping values of fields when user has insufficient permission. It could lead to some very surprising results when an algorithm is fed by artificial not-expected data.

Jakub Linhart
  • 4,062
  • 1
  • 26
  • 42