ACL in ASP.NET MVC 3

Question

I am looking for a solution in asp.net mvc for acl like the cakephp is giving by her ACL component.

I want to create the acl so I can assign permission on role and user basis.

Thanks

I'm not familiar with CakePHP's capabilities, yet I must ask, why not use the [Authorize(Roles=..., Users=...)] attribute for controllers? — Moshe, May 20 '11 at 15:09
Also, you might find this answer useful: http://stackoverflow.com/questions/1335315/access-control-in-asp-net-mvc-depending-on-input-parameters-service-layer — Moshe, May 20 '11 at 15:24

score 1 · Answer 1 · answered Mar 13 '12 at 14:05

1

CakePHP's ACL is quite powerful. I haven't seen anything ready-to-use for MVC.NET that does something similar. For those of you who think that MVC.NET's AuthorizeAttribute is equivalent, please read the cakephp doc's and be enlightened. :)

answered Mar 13 '12 at 14:05

Sebastien Martin

1,341
11
25

If you're going to build something custom, I'd spend a bit of time watching Zed Shaw's talk on ACLs: http://vimeo.com/2723800 . The important take away is that the rules themselves need to be clear and reviewable by quazi-technical humans. – Sebastien Martin Mar 13 '12 at 14:07

score -1 · Answer 2 · answered Aug 26 '11 at 00:35

-1

This tutorial: MVC3: Login System with the AuthorizeAttribute demonstrates how to use the AuthorizeAttribute with the Roles and Users, which is equivalent to ACL.

answered Aug 26 '11 at 00:35

endyourif

2,186
19
33

3

It is not equivalent. ACL means that you'll look up the data entity that action needs and then lookup the permission dynamically. For example, if an action is ListFiles(string folder), you'd lookup the permission for the current user on the specified folder to resolve authorization. I don't think AuthorizeAttribute can do ACL. – srmark Oct 10 '11 at 19:30

ACL in ASP.NET MVC 3

2 Answers2