Monday, February 9, 2009

Fine-grained authorization in ASP.NET 2.0+

I have a requirement for fine-grained authorization control. I considered using the standard ASP.NET roles, but really need an extra "level" added.

For example, tasks or logical operations like "CanCreateNewDocument" map to logical roles in the organization like "Manager". Users are then assigned to logical roles rather than logical operations. Authorization checks are performed against logical operations.

There doesn't appear to be the ability to nest roles within roles, i.e. role inheritance.

Something like the Microsoft Authorization Manager may be able to fill the gap.
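The operation-to-role mapping described above, with role nesting layered on top of the standard `IPrincipal.IsInRole` check, as an added example that is not part of the original post. `OperationAuthorizer`, `Grant`, `Inherit` and the role names "Director" and "Clerk" are hypothetical; in an ASP.NET page the principal would be `HttpContext.Current.User` rather than the constructed `GenericPrincipal` used here.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Principal;

// Hypothetical helper: checks are made against operations, users are only ever placed in roles.
public class OperationAuthorizer
{
    private readonly Dictionary<string, List<string>> _rolesForOperation = new Dictionary<string, List<string>>();
    private readonly Dictionary<string, List<string>> _derivedRoles = new Dictionary<string, List<string>>();

    private static void Add(Dictionary<string, List<string>> map, string key, string value)
    {
        if (!map.TryGetValue(key, out var list)) map[key] = list = new List<string>();
        list.Add(value);
    }

    // Grant a logical operation to a logical role.
    public void Grant(string operation, string role) { Add(_rolesForOperation, operation, role); }

    // derivedRole receives every operation granted to baseRole (role nesting).
    public void Inherit(string derivedRole, string baseRole) { Add(_derivedRoles, baseRole, derivedRole); }

    public bool IsAuthorized(IPrincipal user, string operation)
    {
        if (user == null || user.Identity == null || !user.Identity.IsAuthenticated) return false;
        if (!_rolesForOperation.TryGetValue(operation, out var roles)) return false; // unknown operation: deny
        var pending = new Queue<string>(roles);
        var seen = new HashSet<string>();
        while (pending.Count > 0)
        {
            string role = pending.Dequeue();
            if (!seen.Add(role)) continue;          // guards against cycles in the role graph
            if (user.IsInRole(role)) return true;   // delegates to the configured role source
            if (_derivedRoles.TryGetValue(role, out var derived))
                foreach (string d in derived) pending.Enqueue(d);
        }
        return false;
    }
}

public static class Demo
{
    public static void Main()
    {
        var authz = new OperationAuthorizer();
        authz.Grant("CanCreateNewDocument", "Manager");
        authz.Inherit("Director", "Manager");       // Director is a Manager plus more
        // Constructed sample principals.
        IPrincipal alice = new GenericPrincipal(new GenericIdentity("alice"), new[] { "Director" });
        IPrincipal bob = new GenericPrincipal(new GenericIdentity("bob"), new[] { "Clerk" });
        Console.WriteLine(authz.IsAuthorized(alice, "CanCreateNewDocument"));
        Console.WriteLine(authz.IsAuthorized(bob, "CanCreateNewDocument"));
    }
}
```

An operation that was never granted to any role is denied, so a misspelled operation name fails closed instead of silently allowing access.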