
Discretionary ACL Authorization Security Model in Web Applications with NHibernate

27 Feb 2009, CPOL, 10 min read
A practical object-level security approach.
<%@ Page Language="C#" MasterPageFile="~/MasterPage.master" AutoEventWireup="true"
 CodeFile="Blog.aspx.cs" Inherits="BlogPage" Title="Blog" %>

<asp:Content ID="Content1" ContentPlaceHolderID="ContentPlaceHolder1" runat="Server">
 <p>
  <a href="Default.aspx">&lt; back</a>
 </p>
 <h1>
  <asp:Label ID="blogName" runat="server" Text="Untitled" />
 </h1>
 <h3>Post New</h3>
 <div class="form">
  <p>
   Title:
   <asp:TextBox ID="inputBlogPostTitle" runat="server" Width="400" />
  </p>
  <p>
   Body:
   <asp:TextBox ID="inputBlogPostBody" runat="server" TextMode="MultiLine" Width="400" Height="50" />
  </p>
  <asp:Button CssClass="button" ID="createBlogPost" runat="server" OnClick="createBlogPost_Click"
   Text="Create Post" />
 </div>
 <h3>Posts</h3>
 <asp:GridView ID="gridBlogPosts" runat="server" AutoGenerateColumns="False" CellPadding="4"
  GridLines="None" ShowHeader="false">
  <FooterStyle BackColor="#507CD1" Font-Bold="True" ForeColor="White" />
  <RowStyle BackColor="#EFF3FB" />
  <Columns>
   <asp:BoundField DataField="Id" ItemStyle-HorizontalAlign="Center" />
   <asp:TemplateField>
    <ItemTemplate>
     <div style="font-size: 18px; font-weight: bold;"><%# Eval("Title") %></div>
     <div style="font-size: smaller;">
      posted by <b><%# Eval("Account.Name") %></b> on <%# Eval("Created") %>
     </div>
     <div style="padding: 5px 0px 5px 10px;">
      <%# Eval("Body") %>
     </div>
    </ItemTemplate>
   </asp:TemplateField>
   <asp:TemplateField ItemStyle-HorizontalAlign="Center">
    <ItemTemplate>
     <asp:LinkButton ID="linkDeleteBlogPost" runat="server" CommandArgument='<%# Eval("Id") %>'
      Text="Delete" OnCommand="linkDeleteBlogPost_Command" />
    </ItemTemplate>
   </asp:TemplateField>
  </Columns>
  <PagerStyle BackColor="#2461BF" ForeColor="White" HorizontalAlign="Center" />
  <SelectedRowStyle BackColor="#D1DDF1" Font-Bold="True" ForeColor="#333333" />
  <HeaderStyle BackColor="#507CD1" Font-Bold="True" ForeColor="White" />
  <EditRowStyle BackColor="#2461BF" />
  <AlternatingRowStyle BackColor="White" />
 </asp:GridView>
 <div class="form">
  <p>
   Account:
   <asp:DropDownList ID="listAccounts" runat="server" DataValueField="Id" DataTextField="Name" />
  </p>
  <asp:Button CssClass="button" ID="createBlogAuthor" runat="server" OnClick="createBlogAuthor_Click"
   Text="Add Author" />
 </div>
 <h3>Authors</h3>
 <asp:GridView ID="gridBlogAuthors" runat="server" AutoGenerateColumns="False" CellPadding="4"
  GridLines="None" ShowHeader="false">
  <FooterStyle BackColor="#507CD1" Font-Bold="True" ForeColor="White" />
  <RowStyle BackColor="#EFF3FB" />
  <Columns>
   <asp:BoundField DataField="Id" ItemStyle-HorizontalAlign="Center" />
   <asp:TemplateField>
    <ItemTemplate>
     <div style="font-size: 18px; font-weight: bold;"><%# Eval("Account.Name") %></div>
    </ItemTemplate>
   </asp:TemplateField>
   <asp:TemplateField ItemStyle-HorizontalAlign="Center">
    <ItemTemplate>
     <asp:LinkButton ID="linkDeleteBlogAuthor" runat="server" CommandArgument='<%# Eval("Id") %>'
      Text="Delete" OnCommand="linkDeleteBlogAuthor_Command" />
    </ItemTemplate>
   </asp:TemplateField>
  </Columns>
  <PagerStyle BackColor="#2461BF" ForeColor="White" HorizontalAlign="Center" />
  <SelectedRowStyle BackColor="#D1DDF1" Font-Bold="True" ForeColor="#333333" />
  <HeaderStyle BackColor="#507CD1" Font-Bold="True" ForeColor="White" />
  <EditRowStyle BackColor="#2461BF" />
  <AlternatingRowStyle BackColor="White" />
 </asp:GridView>
</asp:Content>


License

This article, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)


Written By
dB.
Team Leader Application Security Inc., www.appsecinc.com
United States United States
Daniel Doubrovkine has been in software engineering for twelve years and is currently development manager at Application Security Inc. in New York City. He has been involved in many software ventures, including Xo3 and Vestris Inc, was a development lead at Microsoft Corp. in Redmond, and director of Engineering at Visible Path Corp. in New York City. Daniel also builds and runs a foodie website, http://www.foodcandy.com.
