ProWebNetworks
asked on
Permissions based security in C#
Hey guys, I am building an app in C# that needs to have permissions based security. I have 3 tables that apply to this in SQL.
Table 1: Users
Table 2: Available Permissions
Table 3: Assigned Permissions
Any user could have 1 or 50 permissions assigned to them. Each "section" within the app has a ID associated with it, and the permission for that area reflects that ID. For instance if the "Customers" section has an ID of '4' - then the user would need to have permission ID '4' assigned to them if they are going to need access to the "Customers" section of the application.
My Question:
What is the best way for keeping the recordset containing the users assigned permissions so that I can reference it throughout the application? This recordset will need to be available on multiple forms at multiple times. I understand I could query the database, but that could be a large hit on the number of unnecessary requests.
I was considering a variable array? But I am lost how to query the array for a particular value without looping. Unless looping would be the best or only method? Maybe variable array isn't what I should use - maybe DataTable?
Any experienced suggestions would be great - thanks.
Table 1: Users
Table 2: Available Permissions
Table 3: Assigned Permissions
Any user could have 1 or 50 permissions assigned to them. Each "section" within the app has a ID associated with it, and the permission for that area reflects that ID. For instance if the "Customers" section has an ID of '4' - then the user would need to have permission ID '4' assigned to them if they are going to need access to the "Customers" section of the application.
My Question:
What is the best way for keeping the recordset containing the users assigned permissions so that I can reference it throughout the application? This recordset will need to be available on multiple forms at multiple times. I understand I could query the database, but that could be a large hit on the number of unnecessary requests.
I was considering a variable array? But I am lost how to query the array for a particular value without looping. Unless looping would be the best or only method? Maybe variable array isn't what I should use - maybe DataTable?
Any experienced suggestions would be great - thanks.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Using your suggestion to use Lists was the nudge in the right direction I needed. Below is my code and it works - thank you.
static List<int> SecurityList = new List<int>();
public static void PopulateSecurityList()
{
SecurityList.Add(4);
SecurityList.Add(9);
SecurityList.Add(10);
}
public static bool CheckSecurity(int SecurityID)
{
return SecurityList.Contains(SecurityID);
}
ASKER
How would I change that to be Serialized? Or do I need to?
Serialization will allow you to take the data from SQL in XML format and serialize it to the security object which would save you from having to iterate through each value populating the object.
However that really is only a benifit if you are expecting to have high volume on your services. If not high volume then it may not be worth the time taken to develop that portion.
However that really is only a benifit if you are expecting to have high volume on your services. If not high volume then it may not be worth the time taken to develop that portion.
ASKER
this.Add(SecID); ??
If this were the case I would have for an example 10 - ID's to add to the list. I would do:
this.Add(SecID)
this.Add(SecID)
this.Add(SecID)
this.Add(SecID)
this.Add(SecID)
this.Add(SecID)
this.Add(SecID)
this.Add(SecID)
this.Add(SecID)
this.Add(SecID)
Then how would I go about searching for a specific id? For example I would need to see if the SecID 4 shows up in the list to see if the user should have access to the customer area.