Login/Register
CanCan gem for MVC .NET
Asked Answered
asp.net-mvcpermissionscancan
T

5

9

I am looking for NuGet package that provides similar functionality as the CanCan gem in rails ( https://github.com/ryanb/cancan ).

Does anyone know a plugin that provides a similar functionality? Or a simple way to implement this?

Thanks

Tineid answered 20/6, 2012 at 10:15 Comment(2)
Did you ever find a good implementation of activity based authorization?Socle
no, unfortunately I did not. I ended up writing a custom Authorize attribute. Let me know if you find a good implementation of it.Tineid
S
3

I ended up looking at http://www.develop.com/wifclaimsbasedauthorizationone it does very much as CanCan does.

For example

ClaimsPrincipalPermission.CheckAccess("Customer","Add");

Would check whether the user had permission to add customers.

We are testing http://thinktecture.github.com/Thinktecture.IdentityModel.45/

Basically claims based Authorization for .Net

With MVC5 and One ASP.Net Claims is baked right into the core of .Net

Socle answered 22/12, 2012 at 0:28 Comment(0)
L
2

After a long long search I found these essays useful:

http://msdn.microsoft.com/en-us/library/ff359101.aspx http://www.codeproject.com/Articles/639458/Claims-Based-Authentication-and-Authorization http://www.codetails.com/punitganshani/using-claims-identity-with-simplemembership-in-asp-net-mvc/20130525
http://leastprivilege.com/
http://www.postsharp.net/aspects/examples/security

UPDATE
latest from Microsoft introduced in 2013 release: http://blogs.msdn.com/b/webdev/archive/2013/06/27/introducing-asp-net-identity-membership-system-for-asp-net-applications.aspx
Samples:
https://mcmap.net/q/356855/-decoupling-microsoft-aspnet-identity
https://github.com/rustd/AspnetIdentitySample http://msdn.microsoft.com/en-us/library/hh377151.aspx

I prefer the one used in CodeProject tutorial which is based on frameworks from Thinktecture guys, source code is available at:
https://github.com/brockallen/BrockAllen.MembershipReboot https://github.com/thinktecture/Thinktecture.IdentityModel.45

Just remember that the CodeProject article is outdated from the persistence point of view.
Now MembershipReboot support EntityFramework, MongoDB and RavenDB as data store.

Lineage answered 12/9, 2013 at 11:5 Comment(0)
A
1

Recently, I was searching something about activity based authorization and I found some interesting tutorial, how to implement it: https://mkarczewski.wordpress.com/2013/10/21/activity-based-authorization-in-modular-systems/

I also found this library, and it seems very cool! This is something, I was hoping to find. https://github.com/michelgrootjans/CanI/blob/master/README.md

Alrich answered 29/8, 2015 at 7:6 Comment(0)
G
0

In .NET you should be using Membership Provider and Authorize attributes.

Gridiron answered 20/6, 2012 at 13:26 Comment(2)
I am not the downvoter, but I think the reason this was downvoted was because Membership provides permission on roles, rather than permissions on an activity. Maybe I am wrong, but with Cancan I have had the ability to restrict access to perform a certain action by defining the "ability" to do something on the ability file. Say I have a picture resource and users, and one user would like to edit the picture - would I need to put him in an editing role with membership providers? With cancan I can simply add code that says: "User has permission to edit a picture resource if he owns it"Tineid
This kind of logic can be implemented in custom Authorize attribute.Gridiron
P
0

Check out this page in the ASP.NET Core documentation. Its somewhat similar to what cancan does.

You write an Authorization Handler like so:

public class DocumentAuthorizationHandler :
       AuthorizationHandler<OperationAuthorizationRequirement, Document>
   {
       public override Task HandleRequirementAsync(AuthorizationHandlerContext context,
                                                   OperationAuthorizationRequirement requirement,
                                                   Document resource)
       {
           // Validate the operation using the resource, the identity and
           // the Name property value from the requirement.

           return Task.CompletedTask;
       }
   }

Now you can use the following code in your controllers:

if (await authorizationService.AuthorizeAsync(User, document, Operations.Read))
   {
       return View(document);
   }
   else
   {
       return new ChallengeResult();
   }

or in your views:

@if (await AuthorizationService.AuthorizeAsync(User, Model, Operations.Edit))
   {
       <p><a class="btn btn-default" role="button"
           href="@Url.Action("Edit", "Document", new { id = Model.Id })">Edit</a></p>
   }
Paradies answered 13/1, 2017 at 18:31 Comment(0)

© 2022 - 2024 — McMap. All rights reserved.