
Not sure how to go about answering this question in a way that will not lead to a discussion. However, we are building a commercial application. We've chosen to use Identity as our form of authentication.

Our application security will not fit in a traditional IsInRole and everything we do has to be dynamic.

We kind of follow a pattern like Windows file security. We have SecurityObjects. SecurityObjects come from a table that is hierarchical.

SecurityObjects then have SecurityObjectPermissions of Full, Read, Write, Deny.

The design is we can use these with anything we need to apply security to.

The example I'm going to use for this question is our application is modular and has multiple plugins.

PluginA & PluginB would be SecurityObjects. Then each of these SecurityObjects would have child SecurityObjects.

PluginA
| --- View 1
| --- View 2

PluginB
| --- View 11
| --- View 12

Then users or roles as it may be would give SecurityObjectPermissions to any or all of the SecurityObjects above.

Originally, the thought would be we would create complex claim types because we need to associate View11 & View12 as children of PluginB in our claims.

However, I've been reading it's advised not to create custom complex claims types.

Right now most of our code will be MVC/C# but we will sprinkle in jQuery when needed. And down the road if we need to do everything in JavaScript, we want to make sure we won't have any problems reading our claims from JavaScript.

So the question is, does anybody have a sample or article, document, etc. they would recommend to us to use?

Thank you in advance for any comments or suggestions.

kfrosty
  • Update: We are using ClaimsIdentity and in the original comments we're using MVC/C#. Currently if it's recommended we shouldn't use complex types for Claim values, then the only other thing I know to do is implement our own custom UserStore and IUser class and hydrate the user account after authentication. I assume we're going to have to do the same with profile values as well as everything is not as simple as a simple property and value. Either this or figure out some type of formatting schema and serialize everything to a string and deserialize it. – kfrosty Mar 16 '15 at 12:13

1 Answer


It sounds like you would have better luck looking into implementing the ClaimsIdentity structure. This is like the claims that you would have in Windows as a user and can be as granular as you need.

Here is some documentation from Microsoft about implementing it, but there is a lot out there with practical examples: ClaimsIdentity

Marco
  • I forgot to add that in the current application my company is building we ended up implementing this so we could build dynamic roles defined by the users and not by us; instead it made the roles just a collection of claims. – Marco Mar 15 '15 at 18:45
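
Added example, not part of the question or of Marco's answer: one way to carry the SecurityObject hierarchy in plain string claims instead of complex claim types, with default-deny evaluation on the server. The claim type `urn:example:secobj`, the `<path>:<permission>` value format, the rule that Deny overrides any grant, and inheritance from parent to child are all assumptions made for illustration; paths are assumed not to contain `:`.

```csharp
using System;
using System.Linq;
using System.Security.Claims;

public enum Access { Read, Write }
public static class SecurityObjectClaims
{
    // Hypothetical claim type; the "<path>:<permission>" value format is an assumption.
    public const string ClaimType = "urn:example:secobj";

    public static Claim Grant(string path, string permission) =>
        new Claim(ClaimType, path + ":" + permission);

    // Default deny. A claim on "PluginB" also covers "PluginB/View11".
    // Any applicable Deny wins over any grant, at any level of the hierarchy.
    public static bool IsAllowed(ClaimsIdentity identity, string path, Access wanted)
    {
        var applicable = identity.FindAll(ClaimType)
            .Select(c => c.Value.Split(':'))
            .Where(p => p.Length == 2 && Covers(p[0], path)) // skip malformed values
            .Select(p => p[1])
            .ToList();

        if (applicable.Contains("Deny")) return false;
        return applicable.Contains("Full") || applicable.Contains(wanted.ToString());
    }

    // Segment-aware prefix match so "PluginA" does not cover "PluginAB/View1".
    private static bool Covers(string claimPath, string target) =>
        target.Equals(claimPath, StringComparison.Ordinal) ||
        target.StartsWith(claimPath + "/", StringComparison.Ordinal);
}

public static class Demo
{
    public static void Main()
    {
        // Constructed sample identity for illustration.
        var id = new ClaimsIdentity(new[]
        {
            SecurityObjectClaims.Grant("PluginB", "Read"),
            SecurityObjectClaims.Grant("PluginB/View12", "Deny"),
            SecurityObjectClaims.Grant("PluginA/View1", "Full"),
        }, "ExampleAuth");
        Console.WriteLine(SecurityObjectClaims.IsAllowed(id, "PluginB/View11", Access.Read));  // Read inherited from PluginB
        Console.WriteLine(SecurityObjectClaims.IsAllowed(id, "PluginB/View12", Access.Read));  // explicit Deny on the child
        Console.WriteLine(SecurityObjectClaims.IsAllowed(id, "PluginA/View2", Access.Write));  // no applicable claim
    }
}
```

Because each claim is a flat type/value string pair, the same values can be read from JavaScript for showing or hiding UI, while the authoritative check stays in server-side code like `IsAllowed`.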