Field Level Security

All,

Does anyone have ideas how they have implemented field (property) level
security? I want to handle this from the business object level, not the
database level. Is it best to have a security checking method that gets
called in the property and throws an exception? If there are several
"fields" that are being accessed multiple times, does it hurt from a
performance perspective to have these exceptions thrown all of the time?

Public ReadOnly Property MyCode() As String
    Get
        Try
            CheckSecurity(....)
        Catch ex As SecurityException
            'Do something with the exception, etc.
        End Try
    End Get
End Property

Just trying to get some ideas...

Thanks in advance!
Dave
Nov 20 '05 #1
You might want to take a look at creating security demands in your
code. Declarative demands are attributes that you use to decorate your
code, and you can allow code to load (and run) based on either Windows
roles or custom roles:

<PrincipalPermission(SecurityAction.Demand, _
    Authenticated:=True, _
    Role:="SomeRole")> _
Private Sub SomeMethod()
    ...

Or you can use imperative demands inside methods:

Public Function SomeMethod() As String
    Dim op As New PrincipalPermission(Nothing, _
        "BUILTIN\Administrators")
    Try
        op.Demand()
        ...
    Catch ex As System.Security.SecurityException
        Return ex.Message
    End Try
    ....

See the topic "Demands" in help as a starting point.

-- Mary
MCW Technologies
http://www.mcwtech.com
On Thu, 18 Dec 2003 08:03:41 -0600, "Dave Wurtz"
<da*******************@asdsoftware.com> wrote:
> All,
>
> Does anyone have ideas how they have implemented field (property) level
> security? I want to handle this from the business object level, not the
> database level. Is it best to have a security checking method that gets
> called in the property and throws an exception? If there are several
> "fields" that are being accessed multiple times, does it hurt from a
> performance perspective to have these exceptions thrown all of the time?
>
> Public ReadOnly Property MyCode() As String
>     Get
>         Try
>             CheckSecurity(....)
>         Catch ex As SecurityException
>             'Do something with the exception, etc.
>         End Try
>     End Get
> End Property
>
> Just trying to get some ideas...
>
> Thanks in advance!
> Dave

Nov 20 '05 #2
Mary,

Thanks for the suggestion. I didn't even know this was here (framework is
very big).

However, if I understand this correctly, this is really more for using
system settings to determine if code can/will be executed. Is that correct?
What I am really looking for is to check my own business rules as to whether
the user can access the information.

In my previous example, the CheckSecurity() call would check my own security
logic to see if the user of my application (not necessarily of the
workstation) can access this information.

Public ReadOnly Property MyCode() As String
    Get
        Try
            CheckSecurity("MyCode", "DAVE")
        Catch ex As SecurityException
            'Do something with the exception, etc.
        End Try
    End Get
End Property

Public Sub CheckSecurity(propertyName As String, userName As String)
    If propertyName = "MyCode" And userName = "DAVE" Then
        Throw New SecurityException("User does not have security")
    End If
End Sub

This, obviously, is a VERY simple example and not very realistic, but
hopefully it gets my point across. Does this seem like a good approach to
take?

Thank you!
Dave
"Mary Chipman" <mc***@nomail.please> wrote in message
news:bt********************************@4ax.com...
> You might want to take a look at creating security demands in your
> code. Declarative demands are attributes that you use to decorate your
> code, and you can allow code to load (and run) based on either Windows
> roles or custom roles:
>
> <PrincipalPermission(SecurityAction.Demand, _
>     Authenticated:=True, _
>     Role:="SomeRole")> _
> Private Sub SomeMethod()
>     ...
>
> Or you can use imperative demands inside methods:
>
> Public Function SomeMethod() As String
>     Dim op As New PrincipalPermission(Nothing, _
>         "BUILTIN\Administrators")
>     Try
>         op.Demand()
>         ...
>     Catch ex As System.Security.SecurityException
>         Return ex.Message
>     End Try
>     ...
>
> See the topic "Demands" in help as a starting point.
>
> -- Mary
> MCW Technologies
> http://www.mcwtech.com

Nov 20 '05 #3
The security demands I posted were for either Windows or custom users,
not the machine per se. You can also use IsInRole with either Windows
or generic users. You'd use IsInRole as a test before branching to
your code. Security demands don't allow code to run if the user
doesn't "pass" the demand test (they aren't in the role). So I guess
I'm not clear how your security logic would be different than this.

-- Mary
MCW Technologies
http://www.mcwtech.com

On Thu, 18 Dec 2003 10:49:17 -0600, "Dave Wurtz"
<da*******************@asdsoftware.com> wrote:
> Mary,
>
> Thanks for the suggestion. I didn't even know this was here (framework is
> very big).
>
> However, if I understand this correctly, this is really more for using
> system settings to determine if code can/will be executed. Is that correct?
> What I am really looking for is to check my own business rules as to whether
> the user can access the information.
>
> In my previous example, the CheckSecurity() call would check my own security
> logic to see if the user of my application (not necessarily of the
> workstation) can access this information.
>
> Public ReadOnly Property MyCode() As String
>     Get
>         Try
>             CheckSecurity("MyCode", "DAVE")
>         Catch ex As SecurityException
>             'Do something with the exception, etc.
>         End Try
>     End Get
> End Property
>
> Public Sub CheckSecurity(propertyName As String, userName As String)
>     If propertyName = "MyCode" And userName = "DAVE" Then
>         Throw New SecurityException("User does not have security")
>     End If
> End Sub
>
> This, obviously, is a VERY simple example and not very realistic, but
> hopefully it gets my point across. Does this seem like a good approach to
> take?
>
> Thank you!
> Dave

Nov 20 '05 #4
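
The approach discussed in this thread, as an added example that is not part of any of the posts: a business object that tests application-defined roles with IsInRole before returning a field, so routine checks do not throw, and raises SecurityException only when a caller reads the property without permission. The Employee class, the SalaryCode field and the "Payroll" role are hypothetical names chosen for illustration.

```vb
Imports System
Imports System.Security
Imports System.Security.Principal
Imports System.Threading

' Hypothetical business object: SalaryCode is readable only by the
' application role "Payroll" (names are assumptions, not from the thread).
Public Class Employee
    Private ReadOnly _salaryCode As String = "A7"   ' constructed sample value

    ' Non-throwing test that callers (for example UI binding code) can use
    ' before touching a field, so normal operation raises no exceptions.
    Public Shared Function CanRead(fieldName As String) As Boolean
        Dim user As IPrincipal = Thread.CurrentPrincipal
        If user Is Nothing OrElse Not user.Identity.IsAuthenticated Then Return False
        Select Case fieldName
            Case "SalaryCode" : Return user.IsInRole("Payroll")
            Case Else : Return False   ' fields without a rule are denied
        End Select
    End Function

    Public ReadOnly Property SalaryCode As String
        Get
            ' The getter enforces the rule as well; the exception is only
            ' raised for callers that did not check CanRead first.
            If Not CanRead("SalaryCode") Then
                Throw New SecurityException("Access to SalaryCode denied.")
            End If
            Return _salaryCode
        End Get
    End Property
End Class

Module Demo
    Sub Main()
        ' Application-defined user and roles, independent of the Windows logon.
        Dim identity As New GenericIdentity("dave")
        Thread.CurrentPrincipal = New GenericPrincipal(identity, New String() {"Clerk"})
        Console.WriteLine(Employee.CanRead("SalaryCode"))

        Thread.CurrentPrincipal = New GenericPrincipal(identity, New String() {"Payroll"})
        Dim emp As New Employee()
        Console.WriteLine(emp.SalaryCode)
    End Sub
End Module
```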