users and roles

I have a question concerning roles and membership in asp.net 2.0. I work for an online university, and we would like to implement role based security for our portal. Currently our university has 11 courses, which fall in 5 semesters, and each course is then subdivided into approx 5 or more groups, and in each group we have teachers, students, teacherAssistants. A quick calculation can approximate that we have to create about 825 roles. (11 courses * 5 Semesters * 5 groups * 3 userTypes = 825 roles)

Of course, this is only an estimate, and we are probably going to need more userTypes (students, teachers, teacherAssistants, headTeacherAssistant), and create more courses (math, french, computerScience). The number of semesters might also increase if we decided to make the length of a semester shorter. To solve this, I proposed the following idea, and would like your opinion on this approach to see if it's viable in terms of maintenance, and fine control over security. Each role would have the following naming convention.

roleName -> "<course><semester><groupName><userType>"

Here is an example of 12 roles that would be created to satisfy 2 courses all in Fall with 2 groups in each course.

ChemistryFallGroup1Student
ChemistryFallGroup1Teacher
ChemistryFallGroup1TeacherAssistant

ChemistryFallGroup2Student
ChemistryFallGroup2Teacher
ChemistryFallGroup2TeacherAssistant

ReligionFallGroup1Student
ReligionFallGroup1Teacher
ReligionFallGroup1TeacherAssistant

ReligionFallGroup2Student
ReligionFallGroup2Teacher
ReligionFallGroup2TeacherAssistant

My question is the following: is this a bad way to organize roles for this type of portal? Also, is there an alternative way to do this kind of role based security? By alternative, I mean creating a custom RoleProvider, and adding a groupID column. That way in the aspnet_UsersInRoles table we would have the following columns.
(UserId | RoleId | GroupID). Is this second approach going to lead to a lot of problems down the road, and will it require a lot of work? Will this mean we would have to rewrite a lot of controls that work with the SqlRoleProvider, and SqlMembershipProvider? I would appreciate any feedback, or advice. Also, if you can suggest which approach is better and why, or suggest alternative ways. Thank you for the time you have given this post, and I hope to hear from you soon.

Francis

I think you're defining your roles a little too fine grained. They shouldn't change just because the courses change or the length of the semester changes. Roles could be student, department administrator, professor, etc. In your business logic, you could further check to make sure a prof. doesn't edit courses which aren't taught by him, but this requires specifics of the data. The business logic can examine a specific piece of data and determine permissions, but your roles shouldn't change because data changes.

Not sure if that's quite the answer you want, but that's the route I'd go. Try to avoid your route as much as possible; that will be a maintenance nightmare.

HTH
Andy

Hi

It may be useful to put some of the security logic into a database structure, rather than a hierarchical tree of roles. Doing this, it's apparent that there is a course table, a semester table, a group table and a usertype table. There are also entities relating these tables together. Querying of the database for assessing the type of access to courses would then rely on foreign key constraints to enforce all of the relationships.

OK, you're not using the security subsystem to control access, but then perhaps this is a problem that may require a different approach.

Hope this helps
Chris Seary
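The data-driven model suggested in the two replies above, as an added SQL example that is not code from the thread: user types stay a small fixed set, while courses, semesters and groups are rows, so each of the 825 combinations becomes a membership record instead of a role. All table names, column names and sample rows are assumptions made for illustration.

```sql
-- Added example: names and data are assumptions, not the poster's schema.
-- Coarse user types are fixed; courses, semesters and groups are data.
CREATE TABLE UserType (UserTypeId INT PRIMARY KEY, Name VARCHAR(40) NOT NULL UNIQUE);
CREATE TABLE Course   (CourseId   INT PRIMARY KEY, Name VARCHAR(80) NOT NULL UNIQUE);
CREATE TABLE Semester (SemesterId INT PRIMARY KEY, Name VARCHAR(40) NOT NULL UNIQUE);

-- A group exists only inside one course in one semester.
CREATE TABLE CourseGroup (
    GroupId    INT PRIMARY KEY,
    CourseId   INT NOT NULL REFERENCES Course(CourseId),
    SemesterId INT NOT NULL REFERENCES Semester(SemesterId),
    Name       VARCHAR(40) NOT NULL,
    UNIQUE (CourseId, SemesterId, Name)
);

-- One row per user per group; stands in for a role such as
-- ChemistryFallGroup1Teacher. The foreign keys reject memberships that
-- point at a group or user type that does not exist.
CREATE TABLE GroupMembership (
    UserId     INT NOT NULL,  -- would reference the membership user table
    GroupId    INT NOT NULL REFERENCES CourseGroup(GroupId),
    UserTypeId INT NOT NULL REFERENCES UserType(UserTypeId),
    PRIMARY KEY (UserId, GroupId)
);

-- Constructed sample data.
INSERT INTO UserType VALUES (1, 'Student');
INSERT INTO UserType VALUES (2, 'Teacher');
INSERT INTO UserType VALUES (3, 'TeacherAssistant');
INSERT INTO Course   VALUES (1, 'Chemistry');
INSERT INTO Course   VALUES (2, 'Religion');
INSERT INTO Semester VALUES (1, 'Fall');
INSERT INTO CourseGroup VALUES (10, 1, 1, 'Group1');
INSERT INTO CourseGroup VALUES (11, 1, 1, 'Group2');
INSERT INTO CourseGroup VALUES (20, 2, 1, 'Group1');
INSERT INTO GroupMembership VALUES (501, 10, 2);  -- teaches Chemistry Fall Group1
INSERT INTO GroupMembership VALUES (502, 10, 1);  -- student in the same group
INSERT INTO GroupMembership VALUES (501, 20, 1);  -- same user, student in Religion

-- Authorization check: may user 501 act as Teacher on group 10?
-- The application supplies the user id, group id and required type as
-- query parameters and denies the request when the count is zero.
SELECT COUNT(*) AS Allowed
FROM GroupMembership m
JOIN UserType t ON t.UserTypeId = m.UserTypeId
WHERE m.UserId = 501 AND m.GroupId = 10 AND t.Name = 'Teacher';
```

Adding a course, semester or group is then an INSERT, and the same user can hold different types in different groups without any new role being created.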