Discretionary ACL Authorization Security Model in Web Applications with NHibernate

dB.

Rate me:

4.50/5 (4 votes)

27 Feb 2009CPOL10 min read

81.1K

432

A practical object-level security approach.

vestris.objectlevelsecurity.zip
- Vestris.ObjectLevelSecurity
  - 1.0
    - Article
      - domainmodel.jpg
      - objectlevelsecurity.html
    - Source
      - Blogs
        
        App_Code
        
        Global.asax.cs
        
        IdentityServiceMembershipProvider.cs
        
        IdentityServiceMembershipUser.cs
        
        Blog.aspx
        
        Blog.aspx.cs
        
        Default.aspx
        
        Default.aspx.cs
        
        Global.asax
        
        Login.aspx
        
        Login.aspx.cs
        
        MasterPage.master
        
        MasterPage.master.cs
        
        Web.Config
      - build.cmd
      - Data.NHibernate.UnitTests
        
        AccountUnitTests.cs
        
        BlogAuthorUnitTest.cs
        
        BlogPostUnitTests.cs
        
        BlogUnitTests.cs
        
        Data.NHibernate.UnitTests.csproj
        
        NHibernateCrudTest.cs
        
        NHibernateTest.cs
        
        Properties
        
        AssemblyInfo.cs
      - Data.NHibernate
        
        Account.cs
        
        Account.hbm.xml
        
        AssemblyInfo.cs
        
        Blog.cs
        
        Blog.hbm.xml
        
        BlogAuthor.cs
        
        BlogAuthor.hbm.xml
        
        BlogPost.cs
        
        BlogPost.hbm.xml
        
        Data.NHibernate.csproj
        
        IDataObject.cs
        
        obj
        
        Debug
        
        Vestris.Data.NHibernate.Account.hbm.xml
        
        Vestris.Data.NHibernate.Blog.hbm.xml
        
        Vestris.Data.NHibernate.BlogAuthor.hbm.xml
        
        Vestris.Data.NHibernate.BlogPost.hbm.xml
      - Data.Script
        
        Data.Script.csproj
        
        Program.cs
        
        Properties
        
        AssemblyInfo.cs
      - Database
        
        Model.npersist
        
        OLS.omproj
        
        OLS.sql
      - ObjectLevelSecurity.proj
      - ObjectLevelSecurity.sln
      - OLS.nunit
      - Service.Data.UnitTests
        
        AccountACLUnitTests.cs
        
        ACLClassUnitTests.cs
        
        BlogACLUnitTests.cs
        
        BlogPostACLUnitTests.cs
        
        Properties
        
        AssemblyInfo.cs
        
        Service.Data.UnitTests.csproj
        
        UserContextUnitTests.cs
      - Service.Data
        
        AccountClassACL.cs
        
        ACL.cs
        
        AuthorizationConnector.cs
        
        BlogAuthorClassACL.cs
        
        BlogClassACL.cs
        
        BlogPostClassACL.cs
        
        DataInterceptor.cs
        
        DataOperation.cs
        
        Properties
        
        AssemblyInfo.cs
        
        Service.Data.csproj
        
        ServiceDataEventListeners.cs
      - Service.Identity.UnitTests
        
        IdentityServiceUnitTests.cs
        
        Properties
        
        AssemblyInfo.cs
        
        Service.Identity.UnitTests.csproj
        
        UserContextUnitTests.cs
      - Service.Identity
        
        AccessDeniedException.cs
        
        IdentityService.cs
        
        Properties
        
        AssemblyInfo.cs
        
        Service.Identity.csproj
        
        UserContext.cs
        
        UserContextSessionStorage.cs
      - Service.NHibernate
        
        Impersonator.cs
        
        Properties
        
        AssemblyInfo.cs
        
        Service.NHibernate.csproj
        
        SessionContext.cs
        
        SessionFactory.cs
        
        SessionFactoryEventListeners.cs
        
        SessionManager.cs
        
        SessionOpener.cs
        
        SessionStorage.cs
      - Version
        
        GlobalAssemblyInfo.cs
        
        Properties
        
        AssemblyInfo.cs
        
        Version.csproj

By viewing downloads associated with this article you agree to the Terms of Service and the article's licence.

If a file you wish to view isn't highlighted, and is a text file (not binary), please let us know and we'll add colourisation support for it.

License

This article, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

Written By

dB.

Team Leader Application Security Inc., www.appsecinc.com

United States

Daniel Doubrovkine has been in software engineering for twelve years and is currently development manager at Application Security Inc. in New York City. He has been involved in many software ventures, including Xo3 and Vestris Inc, was a development lead at Microsoft Corp. in Redmond, and director of Engineering at Visible Path Corp. in New York City. Daniel also builds and runs a foodie website, http://www.foodcandy.com.

Discretionary ACL Authorization Security Model in Web Applications with NHibernate

License

Comments and Discussions