Saturday, 17 May 2008

A DynamicData Attribute Based Permission Solution using User Roles

Articles in this Series

Introduction

This project is going to add roles based security to the new DynamicData framework (preview 12/05/2008) from Microsoft.

Solution objectives:

  • Place the security metadata near to the model. This concept is fundamental to DynamicData that what you change in the model effects the site without changeing it a page level.
  • Standardise the code for security and make it easy to add to a site. This will reduce the time in setting up security for a dynamic data site.
  • As the starting point for the model security is already full access then the security model will follow a Deny pattern.
    • Table level permissions
      • DenyRead
      • DenyEdit
      • DenyInserts
      • DenyDelete
      • DenyDetailsView
      • DenySelectItem
    • Field level permissions
      • DenyRead
      • DenyEdit
  • Control page filters via metadata. Again this will take the management of page filters to the model simplifying management of the site here.
  • Add simple auditing to tables and automate its update here.
    • Created by: String ,
    • Created when: data time
    • Updated by: String
    • Updated when: data time

Useful Links

David Ebbo has a great screen cast showing how to setup Dynamic Data here.

Blogs

David Ebbo, Scott Hunter, Marcin Dobosz, DATA DEVELOPER.NET

Forum

ASP.NET Dynamic Data the best place to ask questions and get stimulated into doing more.

Preview Home

ASP.NET Dynamic Data Preview

Note: This article will assume that you know how to setup a basic DynamicData web site. It will not explain how create the different components used to make this work just how to put them together to make it work.

5 comments:

Xinde said...

Really great article.

Is it possible to retrieve subset of data based on user id or user name?

Steve said...

Hi xinde I dont see a problem there it would be just a matter of adding a where to the linq data scource on the page you may need to implement my Automatic Column Update then you could user the hidden column to filter the data by user name.
Hopt this helps.


Steve

Xinde said...

Can you give an example about retrieving certain data depending on user name? Thanks a lot.

Steve said...

Yes I don't see why not. I think I may add a radio button to turn it in the FilterReapeter :D

Xinde said...

Great. I cannot wait to read your article. Thanks.