Field Level Security

All,

Does anyone have ideas how they have implemented field (property) level
security? I want to handle this from the business object level, not the
database level. Is it best to have a security checking method that gets
called in the property and throws an exception? If there are several
"fields" that are being accessed multiple times, does it hurt from a
performance perspective to have these exceptions thrown all of the time?

Public ReadOnly Property MyCode() As String
    Get
        Try
            CheckSecurity(....)
        Catch ex As SecurityException
            'Do something with the exception, etc.
        End Try
    End Get
End Property

Just trying to get some ideas...

Thanks in advance!
Dave
Nov 20 '05 #1
You might want to take a look at creating security demands in your
code. Declarative demands are attributes that you use to decorate your
code, and you can allow code to load (and run) based on either Windows
roles or custom roles:

<PrincipalPermission(SecurityAction.Demand, _
    Authenticated:=True, _
    Role:="SomeRole")> _
Private Sub SomeMethod()
    ...

Or you can use imperative demands inside methods:

Public Function SomeMethod() As String
    Dim op As New PrincipalPermission(Nothing, _
        "BUILTIN\Administrators")
    Try
        op.Demand()
        ...
    Catch ex As System.Security.SecurityException
        Return ex.Message
    End Try
    ....

See the topic "Demands" in help as a starting point.

-- Mary
MCW Technologies
http://www.mcwtech.com
On Thu, 18 Dec 2003 08:03:41 -0600, "Dave Wurtz"
<da*******************@asdsoftware.com> wrote:
>All,
>
>Does anyone have ideas how they have implemented field (property) level
>security? I want to handle this from the business object level, not the
>database level. Is it best to have a security checking method that gets
>called in the property and throws an exception? If there are several
>"fields" that are being accessed multiple times, does it hurt from a
>performance perspective to have these exceptions thrown all of the time?
>
>Public ReadOnly Property MyCode() As String
>    Get
>        Try
>            CheckSecurity(....)
>        Catch ex As SecurityException
>            'Do something with the exception, etc.
>        End Try
>    End Get
>End Property
>
>Just trying to get some ideas...
>
>Thanks in advance!
>Dave


Nov 20 '05 #2
Mary,

Thanks for the suggestion. I didn't even know this was here (framework is
very big).

However, if I understand this correctly, this is really more for using
system settings to determine if code can/will be executed. Is that correct?
What I am really looking for is to check my own business rules as to whether
the user can access the information.

In my previous example, the CheckSecurity() call would check my own security
logic to see if the user of my application (not necessarily of the
workstation) can access this information.

Public ReadOnly Property MyCode() As String
    Get
        Try
            CheckSecurity("MyCode", "DAVE")
        Catch ex As SecurityException
            'Do something with the exception, etc.
        End Try
    End Get
End Property

Public Sub CheckSecurity(propertyName As String, userName As String)
    If propertyName = "MyCode" And userName = "DAVE" Then
        Throw New SecurityException("User does not have security")
    End If
End Sub

This, obviously, is a VERY simple example and not very realistic, but
hopefully it gets my point across. Does this seem like a good approach to
take?

Thank you!
Dave

"Mary Chipman" <mc***@nomail.please> wrote in message
news:bt********************************@4ax.com...
>You might want to take a look at creating security demands in your
>code. Declarative demands are attributes that you use to decorate your
>code, and you can allow code to load (and run) based on either Windows
>roles or custom roles:
>
><PrincipalPermission(SecurityAction.Demand, _
>    Authenticated:=True, _
>    Role:="SomeRole")> _
>Private Sub SomeMethod()
>    ...
>
>Or you can use imperative demands inside methods:
>
>Public Function SomeMethod() As String
>    Dim op As New PrincipalPermission(Nothing, _
>        "BUILTIN\Administrators")
>    Try
>        op.Demand()
>        ...
>    Catch ex As System.Security.SecurityException
>        Return ex.Message
>    End Try
>    ...
>
>See the topic "Demands" in help as a starting point.
>
>-- Mary
>MCW Technologies
>http://www.mcwtech.com
Nov 20 '05 #3
The security demands I posted were for either Windows or custom users,
not the machine per se. You can also use IsInRole with either Windows
or generic users. You'd use IsInRole as a test before branching to
your code. Security demands don't allow code to run if the user
doesn't "pass" the demand test (they aren't in the role). So I guess
I'm not clear how your security logic would be different than this.

-- Mary
MCW Technologies
http://www.mcwtech.com

On Thu, 18 Dec 2003 10:49:17 -0600, "Dave Wurtz"
<da*******************@asdsoftware.com> wrote:
>Mary,
>
>Thanks for the suggestion. I didn't even know this was here (framework is
>very big).
>
>However, if I understand this correctly, this is really more for using
>system settings to determine if code can/will be executed. Is that correct?
>What I am really looking for is to check my own business rules as to whether
>the user can access the information.
>
>In my previous example, the CheckSecurity() call would check my own security
>logic to see if the user of my application (not necessarily of the
>workstation) can access this information.
>
>Public ReadOnly Property MyCode() As String
>    Get
>        Try
>            CheckSecurity("MyCode", "DAVE")
>        Catch ex As SecurityException
>            'Do something with the exception, etc.
>        End Try
>    End Get
>End Property
>
>Public Sub CheckSecurity(propertyName As String, userName As String)
>    If propertyName = "MyCode" And userName = "DAVE" Then
>        Throw New SecurityException("User does not have security")
>    End If
>End Sub
>
>This, obviously, is a VERY simple example and not very realistic, but
>hopefully it gets my point across. Does this seem like a good approach to
>take?
>
>Thank you!
>Dave

Nov 20 '05 #4
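
Added example, not part of the thread or any poster's code: a sketch of how the two ideas discussed above fit together on the .NET Framework, using a custom application principal (not the Windows logon), an IsInRole test for fields where denial is routine, and an imperative demand for a field where denial should be an error. The Customer class, the field names, the role names and the sample values are all hypothetical.

```vbnet
Imports System
Imports System.Collections.Generic
Imports System.Security
Imports System.Security.Permissions
Imports System.Security.Principal
Imports System.Threading

' Hypothetical business object; field names, roles and values are constructed.
Public Class Customer
    ' Field name -> application role allowed to read it (constructed policy).
    Private Shared ReadOnly ReadRoles As New Dictionary(Of String, String) From {
        {"MyCode", "CodeReaders"}, {"CreditLimit", "Finance"}}
    Private _myCode As String = "A-1001"
    Private _creditLimit As Decimal = 5000D

    ' Non-throwing test: cheap to call repeatedly, unknown fields are denied.
    Public Shared Function CanRead(fieldName As String) As Boolean
        Dim role As String = Nothing
        If Not ReadRoles.TryGetValue(fieldName, role) Then Return False
        Dim p As IPrincipal = Thread.CurrentPrincipal
        Return p IsNot Nothing AndAlso p.Identity.IsAuthenticated AndAlso p.IsInRole(role)
    End Function

    ' Routine denial: branch on the role test, no exception involved.
    Public ReadOnly Property MyCode() As String
        Get
            If CanRead("MyCode") Then Return _myCode
            Return Nothing
        End Get
    End Property

    ' Denial is an error: the demand throws and the getter does not swallow it.
    Public ReadOnly Property CreditLimit() As Decimal
        Get
            Dim perm As New PrincipalPermission(Nothing, ReadRoles("CreditLimit"))
            perm.Demand()
            Return _creditLimit
        End Get
    End Property
End Class

Module Demo
    Sub Main()
        ' Application user and roles come from the app's own store (constructed here).
        Thread.CurrentPrincipal = New GenericPrincipal(
            New GenericIdentity("DAVE"), New String() {"CodeReaders"})
        Dim c As New Customer()
        Console.WriteLine(If(c.MyCode, "(hidden)"))
        Try
            Console.WriteLine(c.CreditLimit)
        Catch ex As SecurityException
            Console.WriteLine("denied: CreditLimit")
        End Try
    End Sub
End Module
```

Letting the SecurityException leave the getter means the caller decides how to react and a denied read can never be mistaken for a successful one.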
