.net 中的访问控制列表 (ACL) 抽象层 [英] Access Control List (ACL) abstraction layer in .net
问题描述
.net 中是否有可用的 ACL 抽象层?我看过一些最佳实践"文档,但没有很好的基础实现.System.Security.AccessControl 怎么样?这是一个好的起点吗?
Is there an ACL abstraction layer available in .net? I have seen some "best practices" documents but no good base implementation. What about the System.Security.AccessControl? Is this a good starting point?
ACL 应该与存储在 DB 中的角色以及系统角色以及内存对象定义以及 db 对象或文件一起使用.所以它应该是通用的和/或易于扩展的.
The ACL's should work with Roles stored in DB as well as Roles by the system and for in-memory-object definitions as well as db objects or files. So it should be generic and/or easy to extend.
这是否应该依赖于 .net 框架中的 IPrincipal、IIdentity?
Should this rely on IPrincipal, IIdentity from the .net framework?
Zend 在他们的 PHP 框架中有类似的东西,我正在为 C# 搜索这种东西,而不是移植它(如果已经有标准解决方案或最佳实践实现).
Zend has something similar in their Framework for PHP and I am searching this kind of stuff for C# instead of porting that (if there is already a standard solution or best practice implementation).
@ladislav:
它不仅仅用于网络服务、胖客户端或独立应用程序.因此,我正在搜索一个抽象层,该层可以通过适配器为特定后端/平台进行扩展.你是对的,我正在为不同类型的对象和正确的定义搜索类似基于角色的访问管理抽象层的东西.这不应依赖于您为文件系统中的文件夹设置的 ACL.文件系统应该是 ACL 实现使用的特殊适配器.对我来说,ACL 本身是一个概念,与文件系统无关.文件系统使用 ACL 概念的实现(即使它在该领域广为人知).不需要对 Win32-api 的硬依赖.这就是为什么我要求通用(和广泛)使用的通用和抽象(接口)的原因.您知道 zend 框架中的实现吗(我知道它是 PHP,但该概念适用于任何应用程序,而不仅仅是基于 Web 的应用程序)?它是抽象的,可以用于代码中的任何对象
It is not intended to be used only in web services, fat clients or standalone apps. Because of this I am searching an abstraction layer that can be extended by adapters for a specfic backend/platform. You're right, that I am searching something like a role based access management abstraction layer for different kind of objects and right definitions. This should not rely onto the ACLs you set for folders in filesystems. A filesystem should be a special adapter used by the ACLs implementation. For me, ACL itself is a concept and has nothing to do with filesystems. Filesystems USES an implementation of the concept of ACL (even if its mostly known in this field). The hard dependency onto Win32-api is not wanted. This is why I am asking for something generic and abstract (interface) that is commonly (and widely) used. Do you know the implementation in the zend framework (I know it is PHP but the concept works for any app, not only web based)? It is abstracted and could be used for any object in the code
推荐答案
一个示例抽象是库 nAcl - .NET Access控制列表
... "帮助您轻松处理权利矩阵的场景.它可以也可以通过提供者轻松扩展"...
... "helps you handle scenarios for a matrix of rights easily. It can also be easily extended through a Provider" ...
特点:
- 为您处理应用程序的权利
- 处理权限层次
- 权限在一个地方计算,但由于提供者机制,可以从任何地方检索权限 (似乎是添加多个来源的相关功能)
- 用于静态权限的内存提供程序
- 路由器提供者处理路由并将提供者关联到路由
- Sql 提供程序处理 Db 中的权限
...但我还没有在接口中看到 IPrincipal 的用法.
... but I haven't seen the usage of IPrincipal within the Interface.
这篇关于.net 中的访问控制列表 (ACL) 抽象层的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
