27.3. Role-Based Security
Now that you understand how code access security works, we can turn our attention to a related feature included in the .NET Framework that can assist with authorization — role-based security. As you will remember from earlier in this chapter, authorization is how your application controls access to different resources and operations for different identities. At its most basic level, authorization answers the question, "What can a user do within this application?"
Role-based security approaches authorization by defining different application roles, and then building into your application security around those roles. Individual users are assigned to one or more roles, and inherit the rights assigned to those roles. The rights assigned to a role may allow access to certain functions within the application, or limit access to a subset of the data. For example, your application may need to provide full access to a database on sales tenders only to employees who are either managers or lead salespeople. However, the supporting employees involved in a tender may need access to a subset of the information, such as product specifications but not pricing information, which you want to be able to provide from within the same application.
Role-based security enables you to do this by explicitly specifying different levels of approval within the application functionality itself. You can even use this methodology to give different user roles access to the same functionality ...
Get Professional Visual Studio® 2008 now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.