
Application Security Model

14 May 2008CPOL3 min read 31.3K   192   25  
This article describes an easy, lightweight way to secure access to methods in your application.
using System;
using System.Collections.Generic;
using System.Reflection;
using System.Text;
using SecuredLibrary.BusinessObjects;
using SecuredLibrary.Common;
using SecuredLibrary.Common.Exceptions;
using SecuredLibrary.Model;
using SecuredLibrary.Model.Interfaces;
using SecuredLibrary.SecurityModel.Interfaces;

namespace SecuredLibrary.SecurityModel
{
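    /// <summary>
    /// Example <see cref="ISecurityManager"/> that decides whether a user may call a
    /// method by looking up a <see cref="SecuredObject"/> for the pair
    /// (method full name, user id) in the application model.
    /// </summary>
    /// <remarks>
    /// The lookup key is "ReflectedType.FullName.MethodName". It carries no parameter
    /// list, so every overload of a method shares one grant. ReflectedType is the type
    /// the MethodBase was obtained through, so an inherited method reached via a derived
    /// type yields a different key than the same method reached via its declaring type.
    /// This class only answers the question; nothing visible here enforces it, so a
    /// secured method is protected only if it (or its caller) actually invokes the check.
    /// </remarks>
    public class ExampleSecurityMangaer : ISecurityManager
    {
        // Source of permission records; set once in the constructor.
        private readonly IModel model;

        /// <summary>
        /// Creates the manager bound to the model exposed by <see cref="ModelFactory"/>.
        /// </summary>
        public ExampleSecurityMangaer()
        {
            model = ModelFactory.Model;
        }

        #region ISecurityManager Members

        /// <summary>
        /// Indicates whether CurrentUser is permitted to call SecuredMethod, without
        /// throwing when the answer is "no".
        /// </summary>
        /// <param name="SecuredMethod">Method being protected; must carry MethodSecuredAttribute.</param>
        /// <param name="CurrentUser">User on whose behalf the call is made.</param>
        /// <returns>true if a permission record exists for the user and method; otherwise false.</returns>
        public bool IsPermited(MethodBase SecuredMethod, User CurrentUser)
        {
            return IsPermited(SecuredMethod, CurrentUser, false);
        }

        /// <summary>
        /// Indicates whether CurrentUser is permitted to call SecuredMethod.
        /// </summary>
        /// <param name="SecuredMethod">Method being protected; must carry MethodSecuredAttribute.</param>
        /// <param name="CurrentUser">
        /// User on whose behalf the call is made. A null user is treated as not permitted.
        /// </param>
        /// <param name="ThrowException">
        /// If true, a denied check throws <see cref="UserNotAuthorizedException"/> instead of returning false.
        /// </param>
        /// <returns>true if a permission record exists for the user and method; otherwise false.</returns>
        /// <exception cref="ArgumentNullException">SecuredMethod is null.</exception>
        /// <exception cref="NotValidValueException">
        /// SecuredMethod is not marked with MethodSecuredAttribute, or has no owning type to build a key from.
        /// </exception>
        /// <exception cref="UserNotAuthorizedException">The user is not permitted and ThrowException is true.</exception>
        public bool IsPermited(MethodBase SecuredMethod, User CurrentUser, bool ThrowException)
        {
            if (SecuredMethod == null)
            {
                throw new ArgumentNullException("SecuredMethod");
            }

            // inherit = false: an override that does not repeat the attribute is rejected
            // here rather than silently inheriting the base method's marking.
            object[] attribs = SecuredMethod.GetCustomAttributes(typeof(MethodSecuredAttribute), false);

            if (attribs.Length == 0)
            {
                throw new NotValidValueException("Method: " + SecuredMethod.Name +
                                                 " have to be marked with MethodSecuredAttribute");
            }

            // ReflectedType can be null (e.g. module-level or dynamic methods); fall back
            // to DeclaringType and refuse to build a key that could not match any grant.
            Type ownerType = SecuredMethod.ReflectedType ?? SecuredMethod.DeclaringType;
            if (ownerType == null)
            {
                throw new NotValidValueException("Method: " + SecuredMethod.Name +
                                                 " has no owning type and cannot be secured");
            }

            // Key has no signature component, so all overloads of this name share one grant.
            string MethodFullName = ownerType.FullName + "." + SecuredMethod.Name;

            // Fail closed: with no user there is nothing to look up, so the answer is "no"
            // instead of a NullReferenceException from CurrentUser.Id.
            bool isPermited = false;

            if (CurrentUser != null)
            {
                // Any non-null record is treated as a grant; the record's contents are not inspected.
                SecuredObject securedObject = model.GetSecuredObject(MethodFullName, CurrentUser.Id);
                isPermited = securedObject != null;
            }

            if (ThrowException && !isPermited)
            {
                // NOTE(review): the message exposes the user id and the internal method name;
                // log it server-side and avoid echoing it verbatim to the end user.
                string userLabel = CurrentUser != null ? CurrentUser.Id.ToString() : "(none)";
                string message = "User:" + userLabel +
                                 " is not permited to call method: " + MethodFullName;
                throw new UserNotAuthorizedException(message);
            }

            return isPermited;
        }

        #endregion
    }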
}


License

This article, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)


Written By
Web Developer
Poland Poland
ASP.NET Developer since 2004
