Beantown .NET User Group Meeting

January Meeting Reminder

Ben Day: Implement "Rights-Based", not "Role-Based" Security in .Net

When: Thursday January 5, 2005, 5:30 – 7:30pm
Where: Addesso Systems, One Liberty Square, 7th Floor, Boston, MA

All are welcome, but please (RSVP) if you want free pizza!

RSVP Here

Talk Summary

The .NET security principal classes (WindowsPrincipal, GenericPrincipal) help you secure your application by checking whether a user is a member of a "role". For example, only members of the "HR" role can view employee information. What if the requirements change and "HR" users can now view employee information only for certain org units? A call to IsInRole() is no longer enough, because the check now needs the context of the org unit: is this user a member of "HR" in the New York office? The solution is a rights-based security model. Rights-based security extends traditional role-based security with the granularity of context-relevant securable actions.

In this session, Ben will discuss the essentials of developing a rights-based security model in .NET, how to develop your own IPrincipal classes, and how to tie a rights-based security framework into the ASP.NET 2.0 membership features using a custom role provider.
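The limitation described above, as an added example (not code from the talk or from the speaker): a custom IPrincipal whose IsInRole() stays context-free while a hypothetical HasRight(right, orgUnit) method adds the org-unit check and denies by default. RightsPrincipal, HasRight, the right names and the sample user are assumptions made for illustration, and the code uses current C# syntax.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Principal;

// Hypothetical rights-based principal. Only IPrincipal, IIdentity and
// GenericIdentity are framework types; everything else is assumed.
public sealed class RightsPrincipal : IPrincipal
{
    // Which roles grant which securable action (constructed mapping).
    private static readonly Dictionary<string, string[]> RightToRoles =
        new Dictionary<string, string[]>
        {
            ["Employee.View"] = new[] { "HR", "Manager" },
            ["Employee.Delete"] = new[] { "HRAdmin" }
        };

    // role -> org units in which this user holds that role
    private readonly Dictionary<string, HashSet<string>> _roleScopes;

    public IIdentity Identity { get; }

    public RightsPrincipal(IIdentity identity, Dictionary<string, HashSet<string>> roleScopes)
    {
        Identity = identity ?? throw new ArgumentNullException(nameof(identity));
        _roleScopes = roleScopes ?? throw new ArgumentNullException(nameof(roleScopes));
    }

    // Role check required by IPrincipal: it cannot see the org unit.
    public bool IsInRole(string role) => _roleScopes.ContainsKey(role);

    // Rights check: the action plus the org unit it is performed in.
    // Unknown rights and unscoped roles fall through to "deny".
    public bool HasRight(string right, string orgUnit)
    {
        if (!RightToRoles.TryGetValue(right, out var roles)) return false;
        foreach (var role in roles)
            if (_roleScopes.TryGetValue(role, out var units) && units.Contains(orgUnit))
                return true;
        return false;
    }
}

public static class Demo
{
    public static void Main()
    {
        // Constructed sample user: holds "HR" for the New York office only.
        var scopes = new Dictionary<string, HashSet<string>> { ["HR"] = new HashSet<string> { "New York" } };
        var user = new RightsPrincipal(new GenericIdentity("alice"), scopes);
        Console.WriteLine(user.IsInRole("HR"));                        // role only, no org unit
        Console.WriteLine(user.HasRight("Employee.View", "New York")); // right in an org unit the user covers
        Console.WriteLine(user.HasRight("Employee.View", "Boston"));   // same right, org unit not covered
    }
}
```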

Speaker Bio

Benjamin Day is an independent consultant specializing in the design and development of web and Windows database applications using Microsoft .NET technologies. With 9+ years of consulting experience, he has worked with clients such as Fidelity Investments, the Massachusetts Department of Revenue, Deloitte Consulting, and Ceridian Lifeworks. When not developing software, Ben plays piano with a Boston-based jazz trio and is an enthusiastic restaurant, food, beer and wine buff. He can be contacted via www.benday.com.