PrincipalPermission
-
I've been using PrincipalPermission for a while in WCF services.

    [PrincipalPermission(SecurityAction.Demand, Role = SecurityRoles.CanManageUsers)]

Now, though, I have a requirement to simplify roles by business unit. Currently aspnet_roles has fine-grained can* permissions.

Here is my approach; I wanted to see if anyone can provide feedback or a code review before I implement my suggestion.

1) aspnet_roles - business unit role
2) Create a permission table, a Role_Permission table and a User_Permission table (many to many)
3) Create a custom CodeAccessSecurityAttribute that looks at the new tables

    [CustomPermissionCheck(Security.Demand, HasPermission="can*")]

For the first iteration I'll statically new the dependent repository. Ideally I would like an AOP-style attribute that has the repository injected: IPermissionRepository.HasPermission(...);

If I go the new AOP way I will probably stop inheriting from CodeAccessSecurityAttribute. What do the security guys have to say about this? Has anyone else solved this?
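Step 3 of the approach above, written out as an added example (not the poster's code): a CodeAccessSecurityAttribute whose permission object asks a repository whether the current principal holds the named permission, and denies when anything is missing. The class name CustomPermission, the static Repository field and the two-argument HasPermission signature are assumptions, and the code targets .NET Framework, where CodeAccessSecurityAttribute exists.

```csharp
using System;
using System.Security;
using System.Security.Permissions;
using System.Threading;

// Assumed shape of the repository over the Permission, Role_Permission and User_Permission tables.
public interface IPermissionRepository { bool HasPermission(string userName, string permission); }

[Serializable]
public sealed class CustomPermission : IPermission
{
    // First iteration from the post: a static repository, assigned once at service start-up.
    public static IPermissionRepository Repository;
    private string _name;

    public CustomPermission(PermissionState state) { } // used when the runtime rebuilds it via FromXml
    public CustomPermission(string name) { _name = name; }

    public void Demand()
    {
        var principal = Thread.CurrentPrincipal;
        // Fail closed: a missing repository, name, authenticated caller or grant all deny.
        if (Repository == null || _name == null || principal == null
            || !principal.Identity.IsAuthenticated
            || !Repository.HasPermission(principal.Identity.Name, _name))
            throw new SecurityException("Permission required: " + _name);
    }

    public IPermission Copy() { return new CustomPermission(_name); }
    public bool IsSubsetOf(IPermission target) { var o = target as CustomPermission; return o != null && o._name == _name; }
    public IPermission Intersect(IPermission target) { return IsSubsetOf(target) ? Copy() : null; }
    // Stacking several attributes on one member would need a real Union; not supported here.
    public IPermission Union(IPermission target) { throw new NotSupportedException(); }
    public SecurityElement ToXml()
    {
        var e = new SecurityElement("IPermission");
        e.AddAttribute("class", GetType().AssemblyQualifiedName);
        e.AddAttribute("version", "1");
        e.AddAttribute("Name", _name);
        return e;
    }
    public void FromXml(SecurityElement e) { _name = e.Attribute("Name"); }
}

[Serializable]
public sealed class CustomPermissionCheckAttribute : CodeAccessSecurityAttribute
{
    public CustomPermissionCheckAttribute(SecurityAction action) : base(action) { }
    public string HasPermission { get; set; }
    public override IPermission CreatePermission() { return new CustomPermission(HasPermission); }
}
```

Because the check reads Thread.CurrentPrincipal, it relies on the same principal setup the existing PrincipalPermission demands already use.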