If you need to perform fine-grained authorization based on business logic, use imperative authorization

J.D. Meier, Jason Taylor, Prashant Bansode, Carlos Farre, Madhu Sundararajan, Steve Gregersen.

Use imperative role-based authorization when authorization decisions depend on business logic, or when you need access control at a finer granularity than an individual method.

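Imperative check using a Windows principal:
// Requires: using System.Security.Principal; using System.ServiceModel;
// Build a principal from the Windows identity of the authenticated caller.
WindowsPrincipal myPrincipal = new WindowsPrincipal(ServiceSecurityContext.Current.WindowsIdentity);
if (myPrincipal.IsInRole(@"domain\Accounting"))
{
    // authorized
}
else
{
    // not authorized
}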

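Imperative check using the ASP.NET role provider:
// Requires: using System.Web.Security;
// Checks the current user against the configured role provider.
if (Roles.IsUserInRole(@"accounting"))
{
    // authorized
}
else
{
    // authorization failed
}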
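
The snippets above only test role membership. The following added example (not part of the original guidance) combines the role check with a business rule inside a WCF operation. The IExpenseService contract, the domain\Managers role and the 5000 approval limit are hypothetical.

```csharp
using System;
using System.Security.Principal;
using System.ServiceModel;
using System.ServiceModel.Security;

[ServiceContract]
public interface IExpenseService   // hypothetical contract
{
    [OperationContract]
    void ApproveExpense(decimal amount);
}

public class ExpenseService : IExpenseService
{
    // Hypothetical business rule: Accounting may approve up to this amount.
    private const decimal AccountingLimit = 5000m;

    // Decision logic kept separate so it can be tested without a WCF host.
    public static bool CanApprove(IPrincipal caller, decimal amount)
    {
        if (caller == null || amount <= 0m) return false;        // fail closed
        if (caller.IsInRole(@"domain\Managers")) return true;    // no limit
        return caller.IsInRole(@"domain\Accounting") && amount <= AccountingLimit;
    }

    public void ApproveExpense(decimal amount)
    {
        ServiceSecurityContext context = ServiceSecurityContext.Current;
        // No security context or an anonymous caller: deny before any role check.
        if (context == null || context.IsAnonymous)
            throw new SecurityAccessDeniedException("Access is denied.");

        WindowsPrincipal caller = new WindowsPrincipal(context.WindowsIdentity);
        if (!CanApprove(caller, amount))
            throw new SecurityAccessDeniedException("Access is denied.");
        // authorized: perform the approval here
    }
}

public static class Demo
{
    public static void Main()
    {
        // Constructed principal standing in for a caller in domain\Accounting.
        IPrincipal clerk = new GenericPrincipal(
            new GenericIdentity("clerk"), new[] { @"domain\Accounting" });
        Console.WriteLine(ExpenseService.CanApprove(clerk, 1200m));
        Console.WriteLine(ExpenseService.CanApprove(clerk, 9000m));
    }
}
```

The same role can be allowed or denied depending on the request data, which a declarative role demand on the method cannot express.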

Last edited Apr 24, 2008 at 12:40 AM by prashantbansode, version 2
