3

Are there any pre-existing solutions out there which would extend the built in SQL Membership Provider & Sql Role Providers in .NET with the concept of Group Membership.

Right now the Roles relationship looks like

Users ====> UserRoles <=====Roles

I'd like to extend that to look like

Users ====> UserGroups <==== Groups ====> GroupRoles <==== Roles.

Let's say you have an application with 30 or 40 distinct roles in it. Each time a new employee joins the company, you have to remember which set of roles that department normally gets & then make sure you tick those 8 checkboxes while setting up their website account.

If you had a group concept, you could set up a "Group" for each department as a logical grouping together of the roles that departments employees normally get. Then you could just add new Employee's to a single group.

Are there any out of the box implementations for this available already which might save me writing my own ?

Eoin Campbell
  • 43,500
  • 17
  • 101
  • 157
  • I assume your desired model is basically like [mine here](http://stackoverflow.com/questions/5518746/how-to-join-with-linq-to-typed-dataset), isn't it? My `Role` is just a User-Group wheras the authorization is controlled by `AccessRule`. – Tim Schmelter Feb 21 '12 at 12:10
  • Indeed it is. You've come at it slightly different I wanted to add a "Group" between Users & Roles... you've made Roles == Groups, and added the AccessRules beyond, but the concept looks fundamentally the same. The only reason I wanted to do it the other way was to be able to still leverage built in provider methods like `IsInRole()` etc.. – Eoin Campbell Feb 21 '12 at 12:27
  • My approach has the advantage that you don't need to implement a custom `RoleProvider` at all since it keeps it apparently untouched. ASP.NET does not need to know that i've enhanced it at the other end. I also have implemented a template-function that enables to create new Roles by using another role as template. This is the list of `AccessRules`of the other `Role`(or of your default-role). I don't need to use `IsInRole` to check authorization. I've implemented my own `hasAccess` method that checks whether or not the user belongs to a role that has a given `AccessRule`(f.e. DeleteXY). – Tim Schmelter Feb 21 '12 at 12:41
  • Tim, since no one else followed up, if you want to move you're comment to an answer & I'll give you the check-mark – Eoin Campbell Mar 22 '12 at 12:32

1 Answers1

3

I assume your desired model is basically like mine here, isn't it? My Role is just a User-Group wheras the authorization is controlled by AccessRule.

enter image description here

My approach has the advantage that you don't need to implement a custom RoleProvider at all since it keeps it apparently untouched. ASP.NET does not need to know that i've enhanced it at the other end. I also have implemented a template-function that enables to create new Roles by using another role as template. This is the list of AccessRules of the other Role(or of your default-role). I don't need to use IsInRole to check authorization. I've implemented my own hasAccess method that checks whether or not the user belongs to a role that has a given AccessRule(f.e. DeleteXY).

Community
  • 1
  • 1
Tim Schmelter
  • 450,073
  • 74
  • 686
  • 939