Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

Permissions based security in C#

Posted on 2009-04-07
5
Medium Priority
?
266 Views
Last Modified: 2013-12-17
Hey guys, I am building an app in C# that needs to have permissions based security. I have 3 tables that apply to this in SQL.

Table 1: Users
Table 2: Available Permissions
Table 3: Assigned Permissions

Any user could have 1 or 50 permissions assigned to them. Each "section" within the app has a ID associated with it, and the permission for that area reflects that ID. For instance if the "Customers" section has an ID of '4'  - then the user would need to have permission ID '4' assigned to them if they are going to need access to the "Customers" section of the application.

My Question:
What is the best way for keeping the recordset containing the users assigned permissions so that I can reference it throughout the application? This recordset will need to be available on multiple forms at multiple times. I understand I could query the database, but that could be a large hit on the number of unnecessary requests.

I was considering a variable array? But I am lost how to query the array for a particular value without looping. Unless looping would be the best or only method? Maybe variable array isn't what I should use - maybe DataTable?

Any experienced suggestions would be great - thanks.

0
Comment
Question by:ProWebNetworks
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
5 Comments
 
LVL 12

Accepted Solution

by:
ShazbotOK earned 2000 total points
ID: 24089302
Create a serializable strongly typed class object and then map that to to a List<T> where you can then utilize the powerful asynch search/compare functionality of that class object.
By setting the class object as serializable you can construct the class to be your business object which can be instantiated by a XML formatted dataset, this would allow you to create a list of business objects from the SQL rowset and utilize the object oriented programming that we all know and revere.
IE:

class SecurityList : List<SecurityContainer>
{}  // generates a strongtype list specifically for the SecurityContainer

[Serializable]
Class SecurityContainer
{
         private int secLevel;
         private string secPermissionName;

         public int SecurltyLevel
         {
              get{ return secLevel;}
              set{ secLevel = value;}
         }
         // more properties to instantiate
}
 
0
 
LVL 1

Author Comment

by:ProWebNetworks
ID: 24090281
So how would I add values to the list class?
this.Add(SecID);  ??

If this were the case I would have for an example 10 - ID's to add to the list. I would do:

this.Add(SecID)
this.Add(SecID)
this.Add(SecID)
this.Add(SecID)
this.Add(SecID)
this.Add(SecID)
this.Add(SecID)
this.Add(SecID)
this.Add(SecID)
this.Add(SecID)

Then how would I go about searching for a specific id? For example I would need to see if the SecID 4 shows up in the list to see if the user should have access to the customer area.

0
 
LVL 1

Author Comment

by:ProWebNetworks
ID: 24091096
Using your suggestion to use Lists was the nudge in the right direction I needed. Below is my code and it works - thank you.
static List<int> SecurityList = new List<int>();      
 
 
  public static void PopulateSecurityList()
        {
            
            SecurityList.Add(4);
            SecurityList.Add(9);
            SecurityList.Add(10);
        }
 
        public static bool CheckSecurity(int SecurityID)
        {
            return SecurityList.Contains(SecurityID);
 
        }

Open in new window

0
 
LVL 1

Author Comment

by:ProWebNetworks
ID: 24091101
How would I change that to be Serialized? Or do I need to?
0
 
LVL 12

Expert Comment

by:ShazbotOK
ID: 24098062
Serialization will allow you to take the data from SQL in XML format and serialize it to the security object which would save you from having to iterate through each value populating the object.
However that really is only a benifit if you are expecting to have high volume on your services.  If not high volume then it may not be worth the time taken to develop that portion.
0

Featured Post

Stressed Out?

Watch some penguins on the livecam!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Wouldn’t it be nice if you could test whether an element is contained in an array by using a Contains method just like the one available on List objects? Wouldn’t it be good if you could write code like this? (CODE) In .NET 3.5, this is possible…
Today I had a very interesting conundrum that had to get solved quickly. Needless to say, it wasn't resolved quickly because when we needed it we were very rushed, but as soon as the conference call was over and I took a step back I saw the correct …
Video by: ITPro.TV
In this episode Don builds upon the troubleshooting techniques by demonstrating how to properly monitor a vSphere deployment to detect problems before they occur. He begins the show using tools found within the vSphere suite as ends the show demonst…
In this video you will find out how to export Office 365 mailboxes using the built in eDiscovery tool. Bear in mind that although this method might be useful in some cases, using PST files as Office 365 backup is troublesome in a long run (more on t…

722 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question