.net中的访问控制列表(ACL)抽象层 [英] Access Control List (ACL) abstraction layer in .net
问题描述
.net中是否有ACL抽象层可用?我看过一些最佳实践文档,但没有良好的基础实现。那么System.Security.AccessControl呢?这是一个好的起点吗?
Is there an ACL abstraction layer available in .net? I have seen some "best practices" documents but no good base implementation. What about the System.Security.AccessControl? Is this a good starting point?
ACL应该与存储在数据库中的角色以及系统中的角色以及内存对象中的定义以及数据库一起使用对象或文件。因此,它应该是通用的和/或易于扩展的。
The ACL's should work with Roles stored in DB as well as Roles by the system and for in-memory-object definitions as well as db objects or files. So it should be generic and/or easy to extend.
这应该依靠.net框架中的IPrincipal,IIdentity吗?
Should this rely on IPrincipal, IIdentity from the .net framework?
Zend在他们的PHP框架中有类似的东西,我正在搜索C#这类东西,而不是移植它(如果已经有标准解决方案或最佳实践实现)。
Zend has something similar in their Framework for PHP and I am searching this kind of stuff for C# instead of porting that (if there is already a standard solution or best practice implementation).
@ladislav:
@ladislav:
它并非仅用于Web服务,胖客户端或独立应用。因此,我正在搜索一个抽象层,该层可以由适配器扩展以用于特定的后端/平台。没错,我正在搜索类似基于角色的访问管理抽象层之类的对象和正确的定义。这不应依赖于为文件系统中的文件夹设置的ACL。文件系统应该是ACL实现使用的特殊适配器。对我而言,ACL本身是一个概念,与文件系统无关。文件系统使用ACL概念的实现(即使其在该领域中广为人知)。不需要对Win32-api的硬依赖性。这就是为什么我要问一些通常(广泛)使用的通用和抽象(接口)的原因。您是否知道zend框架中的实现(我知道它是PHP,但该概念适用于任何应用程序,不仅适用于基于Web的应用程序)?它是抽象的,可用于代码中的任何对象
It is not intended to be used only in web services, fat clients or standalone apps. Because of this I am searching an abstraction layer that can be extended by adapters for a specfic backend/platform. You're right, that I am searching something like a role based access management abstraction layer for different kind of objects and right definitions. This should not rely onto the ACLs you set for folders in filesystems. A filesystem should be a special adapter used by the ACLs implementation. For me, ACL itself is a concept and has nothing to do with filesystems. Filesystems USES an implementation of the concept of ACL (even if its mostly known in this field). The hard dependency onto Win32-api is not wanted. This is why I am asking for something generic and abstract (interface) that is commonly (and widely) used. Do you know the implementation in the zend framework (I know it is PHP but the concept works for any app, not only web based)? It is abstracted and could be used for any object in the code
推荐答案
示例抽象是库 nAcl-.NET访问控制列表
。 帮助您轻松处理权利矩阵的情况。
也可以通过提供者轻松扩展。 ...
... "helps you handle scenarios for a matrix of rights easily. It can also be easily extended through a Provider" ...
功能:
- 为您处理应用程序的权限
- 处理以下内容的层次结构权利
- 权利是在一个地方计算出来的,但是由于提供者机制的存在,可以从任何地方检索到权利 (似乎是一个相关功能,可以添加多个
- 内存提供者中的静态权限
- 由路由器提供者处理路由并将提供者与路由相关联
- Sql提供程序来处理Db中的权限
- Handles the rights of an application for you
- Handles a hierarchy of rights
- Rights are calculated in one place but can be potentially retrieved from anywhere thanks to the provider mechanism (seems to be a relevant feature to add several sources)
- In memory provider for static rights
- Router provider to handle routes and associating providers to a route
- Sql provider to handle rights in Db
...但我还没有没有看到接口中IPrincipal的用法。
... but I haven't seen the usage of IPrincipal within the Interface.
这篇关于.net中的访问控制列表(ACL)抽象层的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
