Role-based security (1)

zhaozj 2021-02-17

MONTAQUE

Roles are often used in financial or business applications to enforce policy. For example, an application may limit the size of the transaction being processed depending on whether the user is a member of a specified role. An employee may have the right to handle transactions under a specified threshold, a supervisor's limit may be higher than the employee's, and a vice president's limit may be higher still (or not limited at all). Role-based security can also be used when an application requires multiple approvals to complete an action. For example, in a purchasing system, any employee can generate a procurement request, but only the purchasing agent can convert this request into a purchase order that can be sent to the supplier. (MSDN original)

Sometimes we need to check whether the user requesting to run the current Sub has certain permissions. In the most basic case, for example, the user must have an administrator-level account in Windows. To do this, we must check the role of the current thread's user. We know that multiple application domains can run in one process; however, there is no one-to-one association between application domains and threads. Multiple threads can belong to one application domain, and although a given thread is not confined to a single application domain, at any given time a thread executes in exactly one application domain.

So we start from the thread. To associate the current thread's user information with the execution environment, .NET provides a class, AppDomain. Here is a simple example:

Imports System
Imports System.Threading
Imports System.Security
Imports System.Security.Permissions
Imports System.Security.Principal

Module OnlyAdmin

    Sub Main()
        ' Associate the user's role and identity with Windows.
        ' This must run before Thread.CurrentPrincipal is first read.
        AppDomain.CurrentDomain.SetPrincipalPolicy(PrincipalPolicy.WindowsPrincipal)

        ' With the policy set, the current thread's principal is a WindowsPrincipal.
        Dim User As WindowsPrincipal = CType(Thread.CurrentPrincipal, WindowsPrincipal)
        Console.WriteLine("Hello {0}", User.Identity.Name)

        ' Check membership in the built-in Administrators group.
        If User.IsInRole(WindowsBuiltInRole.Administrator) Then
            Console.WriteLine("You Can Execute this Program")
        Else
            Console.WriteLine("Sorry You Cannot Execute this Program")
        End If
    End Sub

End Module

VB.NET version

Reference: ms-help://ms.vscc/ms.msdnvs.2052/cpref/html/frlrfsystemappdomainclasstopic.htm
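
The transaction-limit policy from the opening paragraph, as an added example that is not part of the original post or of MSDN. It uses GenericPrincipal so that it runs without Windows accounts; the role names, thresholds and user names are assumptions made for illustration.

```vbnet
Imports System
Imports System.Security.Principal
Imports System.Threading

Module TransactionLimits

    ' Role names and thresholds are hypothetical values chosen for this example.
    Function LimitFor(user As IPrincipal) As Decimal
        ' Check the most privileged role first so that a user holding
        ' several roles receives the highest applicable limit.
        If user.IsInRole("VicePresident") Then Return Decimal.MaxValue
        If user.IsInRole("Supervisor") Then Return 50000D
        If user.IsInRole("Employee") Then Return 5000D
        Return 0D ' No recognized role: deny by default.
    End Function

    Function CanProcess(user As IPrincipal, amount As Decimal) As Boolean
        ' Reject missing or unauthenticated principals before looking at roles.
        If user Is Nothing OrElse Not user.Identity.IsAuthenticated Then Return False
        Return amount > 0D AndAlso amount <= LimitFor(user)
    End Function

    ' Builds an authenticated principal with the given (constructed) roles.
    Function MakeUser(name As String, ParamArray roles() As String) As IPrincipal
        Return New GenericPrincipal(New GenericIdentity(name), roles)
    End Function

    Sub Main()
        ' Constructed sample users; "dave" is authenticated but holds no role.
        Dim users() As IPrincipal = {
            MakeUser("alice", "Employee"),
            MakeUser("bob", "Employee", "Supervisor"),
            MakeUser("carol", "VicePresident"),
            MakeUser("dave")
        }
        Dim amounts() As Decimal = {1000D, 20000D, 1000000D}

        For Each u As IPrincipal In users
            ' The check reads the principal from the thread, as in the post's example.
            Thread.CurrentPrincipal = u
            For Each amount As Decimal In amounts
                Dim verdict As String = If(CanProcess(Thread.CurrentPrincipal, amount), "allowed", "denied")
                Console.WriteLine("{0,-6} {1,10:N0} -> {2}", u.Identity.Name, amount, verdict)
            Next
        Next
    End Sub

End Module
```

The same CanProcess check works unchanged with a WindowsPrincipal if the role names are replaced by Windows group names, because it depends only on the IPrincipal interface.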
