Secure Dynamic Data Site

Last post 07-15-2009 2:11 PM by sjnaughton. 15 replies.

  • Secure Dynamic Data Site

    11-05-2008, 2:55 PM
    • Member
      175 point Member
    • veloce
    • Member since 12-16-2002, 3:21 PM
    • Seattle
    • Posts 46
    An example of a Secure Dynamic Data Site is available on the Dynamic Data samples page on CodePlex: http://www.codeplex.com/aspnet/Release/ProjectReleases.aspx?ReleaseId=14473. The Secure Dynamic Data Site allows or denies user's access to the database tables based on the user's authenticated role. Furthermore, it allows or denies user's table actions based on the user's authorization. The site integrates the ASP.NET forms authentication with a new concept of authorization provided by Dynamic Data.

    To achieve these objectives the Web site uses the following security mechanisms:

    • Authentication (forms authentication) performed by ASP.NET. It provides the first security level, which enables you to allow or deny access to a table to authenticated users in function of their role.

    • Authorization performed by Dynamic Data. It provides the second security level, which enables you to allow or deny access to tables and specific actions on the tables as specified by the SecurityAttribute properties in the data model. The roles used in the attribute must be the same roles used by ASP.NET authentication.

    Note: Only the tables flagged with SecurityAttribute are displayed in a scaffolded site.

    The site uses scaffolding, which is enabled. It also uses a SQL-Express database for both AdventureWorksLT and Aspnetdb (security database).

    You can move the information to a complete SQL database. For more information, see Deploying a SQL Database to a Remote Hosting Environment.

     

    Please, play with this example and have fun as I did.

    More can be done. I would like to hear from you.

    Thanks,
    Michael
    This posting is provided "AS IS" with no warranties, and confers no rights.


    I blog at: Technical Notes

  • Re: Secure Dynamic Data Site

    11-07-2008, 6:33 AM
    • Star
      11,463 point Star
    • sjnaughton
    • Member since 04-29-2008, 1:11 PM
    • Newton-le-Willows, Merseyside, UK
    • Posts 2,418
    • TrustedFriends-MVPs

    Hi Veloce, I like your solution although it doesn't have the granularity that some may want, do you mind if I adapt it into my solution here:

    1. Part 1 - Create the database tables.
    2. Part 2 - Add a User Interface to modify the permissions.
    3. Part 3 - User Marcin's InMemoryMetadataProvider to add the database based permissions to the Metadata at runtime.
    4. Part 4 - Add components from A DynamicData Attribute Based Permission Solution using User Roles to consume the database based metadata.
    5. Part 5 - Oops! Table Names with Spaces in them and Pluralization.

    Which in turn extends the earlier articles here:

    • Introduction - A DynamicData Attribute Based Permission Solution using User Roles.
    • Part 1 - Permissions Attribute (Metadata) Classes.
    • Part 2 - Sample Metadata for project.
    • Part 3 - The Helper Extension Methods.
    • Part 4 - Limit Tables shown on Default page and List, Edit & Details etc.
    • Part 5 - Generate Columns/Rows (using IAutoFieldGenerator)
    • Part 6 - Miscellaneous bits
    • Part 7 - Updating the ListDetails Page
    • DynamicData - Limit the Filter Fields

    I think I could adapt it to do the table part, but I'm still looking into a way of centralising the Field Security.

    Steve

    Always seeking an elegant solution.
    [Oh! If olny I colud tpye!]
    c# Bits blog
    Oh, and don't forget to mark as answer any posts that help you
  • Re: Secure Dynamic Data Site

    11-07-2008, 3:07 PM
    • Member
      175 point Member
    • veloce
    • Member since 12-16-2002, 3:21 PM
    • Seattle
    • Posts 46

    Steve, I want to thank you for your remarks. Please, feel free to modify my example and let us know what you can come up with.

    Remember that the two basic design principles I adopted are as follows:

    1.      Use ASP.NET Forms Authentication to discriminate the user's roles.

    Everything you do in terms of authentication such as modify permissions, if I understand you correctly, must be integrated I believe with ASP.NET authentication mechanism.

    2.      Use ASP.NET Dynamic Data to authorize authenticated users to perform tasks at lower level, tasks only understood by Dynamic Data. Probably the centralization of field security should be done at this level. Maybe you can expand on this: "I'm still looking into a way of centralizing the Field Security."

    Thanks,

    Michael (aka veloce)

     


  • Re: Secure Dynamic Data Site

    11-08-2008, 1:04 PM
    • Star
      11,463 point Star
    • sjnaughton
    • Member since 04-29-2008, 1:11 PM
    • Newton-le-Willows, Merseyside, UK
    • Posts 2,418
    • TrustedFriends-MVPs

    Yes, I understand the principles. Have a look at this post, Dynamic Data - Default FieldGenerator, which I think could be the way forward for Field Security.

    Steve
  • Re: Secure Dynamic Data Site

    07-10-2009, 10:38 PM
    • Member
      2 point Member
    • mdausmann
    • Member since 08-29-2008, 7:39 AM
    • Posts 2

    Hi

    Thanks heaps for sample, I have implemented on my site and it works ok.  I had a couple of questions.

    Delete is only available for the role tagged as 'administrator'. How would I go about allowing other user roles to have delete access on certain tables?  I tried adding the 'Delete' action in attributes but it didn't work.

    [Security(Role = "Anonymous", Action = "AnonymousList")]
    [Security(Role = "Developer", Action = "List")]
    [Security(Role = "Developer", Action = "Details")]
    [Security(Role = "Rule Author", Action = "List")]
    [Security(Role = "Rule Author", Action = "Details")]
    [Security(Role = "Rule Author", Action = "Edit")]
    [Security(Role = "Rule Author", Action = "Delete")]
    public partial class BehaviourDocument
    {

    }

    Michael

  • Re: Secure Dynamic Data Site

    07-11-2009, 4:43 AM
    • Star
      11,463 point Star
    • sjnaughton
    • Member since 04-29-2008, 1:11 PM
    • Newton-le-Willows, Merseyside, UK
    • Posts 2,418
    • TrustedFriends-MVPs

    Hi Mdausmann, I'll have a look at my sample and get back to you.

    Steve
  • Re: Secure Dynamic Data Site

    07-11-2009, 5:02 AM
    • Star
      11,463 point Star
    • sjnaughton
    • Member since 04-29-2008, 1:11 PM
    • Newton-le-Willows, Merseyside, UK
    • Posts 2,418
    • TrustedFriends-MVPs

    Hi Mdausmann, in this sample from Veloce, you have to be admin to get the delete facility. You will need to look at the test on each page, e.g. the List page:

    // Enable delete button only to allowed users.
    private void SetDelete(TableRow row)
    {
        // Instantiate the SecurityInformation 
        // utility object.
        DynamicDataSecurity secInfo =
          new DynamicDataSecurity();
    
        foreach (Control c in row.Cells[0].Controls)
        {
            // Deny delete capability to users that are 
            // not administrators
            if (!secInfo.IsUserInAdmimistrativeRole() &&
              secInfo.IsUserInAuthenticatedRole())
            {
                // Do not allow delete.
                LinkButton btn = c as LinkButton;
                if (btn != null &&
                    btn.CommandName ==
                    DataControlCommands.DeleteCommandName)
                {
                    btn.Visible = false;
                    btn.OnClientClick = null;
                    btn.Enabled = false;
                }
            }
        }
    }
    

    if you note the statement:

    if (!secInfo.IsUserInAdmimistrativeRole() &&
              secInfo.IsUserInAuthenticatedRole())
    


    you will need to change the !secInfo.IsUserInAdmimistrativeRole() to some other test that will check for a role with delete.

    Hope that makes sense

    Steve
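Added example, not part of the thread or of Veloce's sample: one way to replace the administrator-only test discussed above with a per-table lookup driven by the `[Security(Role = ..., Action = ...)]` attributes shown earlier in the thread. The `SecurityAttribute` class here is a stand-in with the shape used in the thread, and `TablePermissions.IsAllowed`, `Demo` and the user names are hypothetical.

```csharp
using System;
using System.Linq;
using System.Security.Principal;

// Stand-in for the sample's SecurityAttribute (assumed shape: Role + Action).
[AttributeUsage(AttributeTargets.Class, AllowMultiple = true)]
public sealed class SecurityAttribute : Attribute
{
    public string Role { get; set; }
    public string Action { get; set; }
}

// Constructed metadata mirroring the attributes posted in the thread.
[Security(Role = "Developer", Action = "List")]
[Security(Role = "Rule Author", Action = "List")]
[Security(Role = "Rule Author", Action = "Delete")]
public partial class BehaviourDocument { }

public static class TablePermissions
{
    // Hypothetical helper: true only when one of the user's roles is
    // granted the requested action on the entity type.
    public static bool IsAllowed(Type entityType, IPrincipal user, string action)
    {
        // Deny by default: no user, or an unauthenticated one, gets nothing.
        if (user == null || user.Identity == null || !user.Identity.IsAuthenticated)
            return false;

        return entityType
            .GetCustomAttributes(typeof(SecurityAttribute), false)
            .Cast<SecurityAttribute>()
            .Any(a => string.Equals(a.Action, action, StringComparison.OrdinalIgnoreCase)
                      && user.IsInRole(a.Role));
    }
}

public static class Demo
{
    public static void Main()
    {
        // Constructed users: one per role from the thread's attribute list.
        var author = new GenericPrincipal(new GenericIdentity("alice"), new[] { "Rule Author" });
        var developer = new GenericPrincipal(new GenericIdentity("bob"), new[] { "Developer" });

        Console.WriteLine(TablePermissions.IsAllowed(typeof(BehaviourDocument), author, "Delete"));
        Console.WriteLine(TablePermissions.IsAllowed(typeof(BehaviourDocument), developer, "Delete"));
    }
}
```

Run the same check on the server-side delete path as well as in `SetDelete`, because hiding the `LinkButton` only changes what the page renders and is not itself an authorization decision.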
  • Re: Secure Dynamic Data Site

    07-12-2009, 10:32 AM
    • Member
      81 point Member
    • zzdfc
    • Member since 07-06-2004, 6:07 AM
    • Posts 72

    The example of a Secure Dynamic Data Site uses CustomDynamicDataRouteHandler to achieve security, but how do I transport session data to CustomDynamicDataRouteHandler? I need to transport custom logged-in user information to CustomDynamicDataRouteHandler.

    Thanks.

  • Re: Secure Dynamic Data Site

    07-12-2009, 11:16 AM
    • Star
      11,463 point Star
    • sjnaughton
    • Member since 04-29-2008, 1:11 PM
    • Newton-le-Willows, Merseyside, UK
    • Posts 2,418
    • TrustedFriends-MVPs

    Hi Zzdfc, I'm working on a simplified sample based on Veloce's work, I should have part 1 ready early this week.

    Steve
  • Re: Secure Dynamic Data Site

    07-14-2009, 9:41 AM
    • Member
      81 point Member
    • zzdfc
    • Member since 07-06-2004, 6:07 AM
    • Posts 72

     Hi sjnaughton:

    I have read your article "Securing Dynamic Data Preview 4 Refresh – Part 1", but it doesn't demo how to transport session data to CustomDynamicDataRouteHandler. I need to transport custom logged-in user information to CustomDynamicDataRouteHandler, for example:

    Roles, permissions and organization of the logged-in user.

  • Re: Secure Dynamic Data Site

    07-14-2009, 9:56 AM
    • Star
      11,463 point Star
    • sjnaughton
    • Member since 04-29-2008, 1:11 PM
    • Newton-le-Willows, Merseyside, UK
    • Posts 2,418
    • TrustedFriends-MVPs

    Hi Zzdfc, I'm not sure I understand what you are trying to do, could you explain in a little more detail and I will try to create a sample that demonstrates it.

    Steve
  • Re: Secure Dynamic Data Site

    07-14-2009, 11:58 AM
    • Member
      81 point Member
    • zzdfc
    • Member since 07-06-2004, 6:07 AM
    • Posts 72

    using System;
    using System.Web;
    using System.Web.DynamicData;

    public class SecurityDynamicDataRouteHandler : DynamicDataRouteHandler
    {
        public override IHttpHandler CreateHandler(DynamicDataRoute route, MetaTable table, string action)
        {
            // Read the custom login data stored in session state.
            HttpContext httpContext = HttpContext.Current;
            string userName = httpContext.Session["UserName"].ToString();
            string userID = httpContext.Session["UserID"].ToString();
            // Convert the stored value to bool so it can be tested directly.
            bool isAdmin = Convert.ToBoolean(httpContext.Session["IsAdmin"]);
            if (isAdmin)
            {
                // ...
            }
            else
            {
                // ...
            }

            return null;
        }
    }

    But the data of httpContext.Session is always null. What should I do?

    thanks.

  • Re: Secure Dynamic Data Site

    07-14-2009, 12:39 PM
    • Star
      11,463 point Star
    • sjnaughton
    • Member since 04-29-2008, 1:11 PM
    • Newton-le-Willows, Merseyside, UK
    • Posts 2,418
    • TrustedFriends-MVPs

    OK, I get what you mean now. I'll have a look into it and see if anything can be done.

    Steve
  • Re: Secure Dynamic Data Site

    07-15-2009, 6:26 AM
    • Star
      11,463 point Star
    • sjnaughton
    • Member since 04-29-2008, 1:11 PM
    • Newton-le-Willows, Merseyside, UK
    • Posts 2,418
    • TrustedFriends-MVPs

     Hi Zzdfc, I've just tested it on my sample and I get Session populated, I think it may be when you are setting the session, but why are you using Session anyway?

    If you e-mail me I can give you my sample working.

    Steve
  • Re: Secure Dynamic Data Site

    07-15-2009, 10:55 AM
    • Member
      81 point Member
    • zzdfc
    • Member since 07-06-2004, 6:07 AM
    • Posts 72

    Hi sjnaughton:

    I hope to get your session sample, thank you very much!

    I use session to save the user's permissions, roles and information because the user's permissions, roles and information are from the database, not from attributes and metadata.

    I don't know if there is another method to save data for the entire session lifecycle.

    In my program, I get session populated in the first page, but session is null when it turns to list.aspx, detail.aspx, edit.aspx. I have tested many times.

     

     

                                                                 Thanks!
