Channel 9 Forums - Coffeehouse - ACL Library for SQL server http://mschnlnine.vo.llnwd.net/d1/Dev/App_Themes/C9/images/feedimage.png Channel 9 Forums - Coffeehouse - ACL Library for SQL server http://channel9.msdn.com/Forums Channel 9 keeps you up to date with the latest news and behind the scenes info from Microsoft that developers love to keep up with. From LINQ to SilverLight – Watch videos and hear about all the cool technologies coming and the people behind them. http://channel9.msdn.com/Forums en Thu, 23 May 2013 14:27:04 GMT Thu, 23 May 2013 14:27:04 GMT Rev9 2 -2 -1 Coffeehouse - ACL Library for SQL server Does anyone know of a good ACL based security library I can use in a project using ASP.NET and SQL-2005.   Role based is not good enough for this project I need to but access lists on objects in the database secured against a user list stored in the same DB (i.e no AD intergration).

Or if anyone has good links for designing our own?

Thanks,

Stephen.

]]> http://channel9.msdn.com/Forums/Coffeehouse/256805-ACL-Library-for-SQL-server/256805#256805 Sun, 05 Aug 2007 13:42:22 GMT http://channel9.msdn.com/Forums/Coffeehouse/256805-ACL-Library-for-SQL-server/256805#256805 PerfectPhase 2 http://channel9.msdn.com/Niners/PerfectPhase/Discussions/RSS Coffeehouse - ACL Library for SQL server
PerfectPhase wrote:


Or if anyone has good links for designing our own?



I don't really have any links to demonstrate but I have had to deal with this and this is how i went about it.

We have a system where there are many service providers and many clients who use the system.  Clients apply to service providers to join their system and once approved by the SP they get acess to the info and services provided by that provider

So we have many differnet combinations of clients/service providers.

We implemented it like this.

All connections to the database must go thru a central module. This module provides 3 services.
1. ConnectionString Managment
2. Leak detection
3.  User ID Management

When a user creates a connetion the module attaches to its state changed event - then when the state changes to opened the module does 2 things.
1. Records the connection open time and the stack trace of where it was opened (I found this bit of good stuff on code project - unfortanatly I don't rembemer by who) - this list is periodiclly inspected for open connetions with a fingerprint to where the connectio0n started at.
and finally
2. set the session context on the user connection by executeing set Context_Info against that connection and passes the current user id

Next. In the database we have a simple view that returns the ids of the service providers for which the user of the current connection has access to. The gist of the view is something like this:

select SP_ID  a from SPs inner join PermissionList b on a,spid = b.spid where b.userid = GetCurrentUserID()

(GetCurrentUserID is a fiunction that you need to create to retreive the context_info and convert it to a varchar)

From here on in all data selections are done not against the data table but against another set of views which inner join the base tables sp_ID with the spid from the restriction view




]]> http://channel9.msdn.com/Forums/Coffeehouse/256805-ACL-Library-for-SQL-server/d4f5adbda425407f846a9dec009c0122#d4f5adbda425407f846a9dec009c0122 Tue, 07 Aug 2007 02:25:38 GMT http://channel9.msdn.com/Forums/Coffeehouse/256805-ACL-Library-for-SQL-server/d4f5adbda425407f846a9dec009c0122#d4f5adbda425407f846a9dec009c0122 AIM48 2 http://channel9.msdn.com/Niners/AIM48/Discussions/RSS