Implement authorization in win forms

**Marc Gravell** · Apr 10 '08, 10:25 PM

Re: Implement authorization in win forms

If you get stuck, please let me know. This is part of
System.Componen tModel, an area that I know very well. Although I
understand them, I haven't personally *created* an extension property
before, but I imagine that it isn't too tricky *if* you understand how
the rest of that area works. Actually, I'd happily use it as an excuse
to do some more digging in that area... ;-p

Marc

**parez** · Jun 27 '08, 07:43 PM

Re: Implement authorization in win forms

On Apr 11, 4:25 am, Marc Gravell <marc.grav...@g mail.comwrote:

For info, here is a rough sketch of what the component would look
like... this allows both IDE and programmatic usage; note that for
roles-based security you'd also need to initialize the principal - at
the most primative this can be as simple as:
>
Thread.CurrentP rincipal = new GenericPrincipa l(
new GenericIdentity ("Marc"), // name of user
new string[] { "BASIC" } // array of roles that the
user has
);
>
Obviously if your security model is more complex, you may need to
change things ;-p
>
[ProvideProperty ("Role", typeof(Control) )]
[ToolboxItemFilt er("System.Wind ows.Forms")]
[Description("Pr ovides automatic role-checking")]
public class RoleDisabler : Component, IExtenderProvid er
{
private Dictionary<Cont rol, stringmap
= new Dictionary<Cont rol, string>();
[DefaultValue("" )]
public string GetRole(Control control)
{
if (control == null) return "";
string role;
map.TryGetValue (control, out role);
return role ?? "";
}
public void SetRole(Control control, string role)
{
if (control == null) return;
bool add = false, remove = false;
if (string.IsNullO rEmpty(role))
{
remove = map.Remove(cont rol);
}
else
{
add = !map.ContainsKe y(control);
map[control] = role;
}
if (!DesignMode)
{
SetEnabled(cont rol);
if (add)
{
control.ParentC hanged += control_ParentC hanged;
>
}
else if (remove)
{
control.ParentC hanged -= control_ParentC hanged;
}
}
}
private void SetEnabled(Cont rol control)
{
if (DesignMode || control == null) return;
string role;
if (map.TryGetValu e(control, out role))
{
IPrincipal principal = Thread.CurrentP rincipal;
control.Enabled = principal == null ? false :
principal.IsInR ole(role);
}
}
void control_ParentC hanged(object sender, EventArgs e)
{
SetEnabled(send er as Control);
}
bool IExtenderProvid er.CanExtend(ob ject obj)
{
return obj is Control;
}
}

Thanks..

How will i use the RoleDisabler ? would i drag it from the toolbar
like tooltip?

**parez** · Jun 27 '08, 07:43 PM

Re: Implement authorization in win forms

On Apr 11, 1:49 pm, parez <psaw...@gmail. comwrote:

On Apr 11, 4:25 am, Marc Gravell <marc.grav...@g mail.comwrote:
>
>
>

For info, here is a rough sketch of what the component would look
like... this allows both IDE and programmatic usage; note that for
roles-based security you'd also need to initialize the principal - at
the most primative this can be as simple as:

>

Thread.CurrentP rincipal = new GenericPrincipa l(
new GenericIdentity ("Marc"), // name of user
new string[] { "BASIC" } // array of roles that the
user has
);

>

Obviously if your security model is more complex, you may need to
change things ;-p

>

[ProvideProperty ("Role", typeof(Control) )]
[ToolboxItemFilt er("System.Wind ows.Forms")]
[Description("Pr ovides automatic role-checking")]
public class RoleDisabler : Component, IExtenderProvid er
{
private Dictionary<Cont rol, stringmap
= new Dictionary<Cont rol, string>();
[DefaultValue("" )]
public string GetRole(Control control)
{
if (control == null) return "";
string role;
map.TryGetValue (control, out role);
return role ?? "";
}
public void SetRole(Control control, string role)
{
if (control == null) return;
bool add = false, remove = false;
if (string.IsNullO rEmpty(role))
{
remove = map.Remove(cont rol);
}
else
{
add = !map.ContainsKe y(control);
map[control] = role;
}
if (!DesignMode)
{
SetEnabled(cont rol);
if (add)
{
control.ParentC hanged += control_ParentC hanged;

>

}
else if (remove)
{
control.ParentC hanged -= control_ParentC hanged;
}
}
}
private void SetEnabled(Cont rol control)
{
if (DesignMode || control == null) return;
string role;
if (map.TryGetValu e(control, out role))
{
IPrincipal principal = Thread.CurrentP rincipal;
control.Enabled = principal == null ? false :
principal.IsInR ole(role);
}
}
void control_ParentC hanged(object sender, EventArgs e)
{
SetEnabled(send er as Control);
}
bool IExtenderProvid er.CanExtend(ob ject obj)
{
return obj is Control;
}
}

>
Thanks..
>
How will i use the RoleDisabler ? would i drag it from the toolbar
like tooltip?

That was great.. thanks...
I have a question..
When will the SetEnabled function execute?

**parez** · Jun 27 '08, 07:43 PM

Re: Implement authorization in win forms

On Apr 11, 2:14 pm, parez <psaw...@gmail. comwrote:

On Apr 11, 1:49 pm, parez <psaw...@gmail. comwrote:
>
>
>

On Apr 11, 4:25 am, Marc Gravell <marc.grav...@g mail.comwrote:

>

For info, here is a rough sketch of what the component would look
like... this allows both IDE and programmatic usage; note that for
roles-based security you'd also need to initialize the principal - at
the most primative this can be as simple as:

>

Thread.CurrentP rincipal = new GenericPrincipa l(
new GenericIdentity ("Marc"), // name of user
new string[] { "BASIC" } // array of roles that the
user has
);

>

Obviously if your security model is more complex, you may need to
change things ;-p

>

[ProvideProperty ("Role", typeof(Control) )]
[ToolboxItemFilt er("System.Wind ows.Forms")]
[Description("Pr ovides automatic role-checking")]
public class RoleDisabler : Component, IExtenderProvid er
{
private Dictionary<Cont rol, stringmap
= new Dictionary<Cont rol, string>();
[DefaultValue("" )]
public string GetRole(Control control)
{
if (control == null) return "";
string role;
map.TryGetValue (control, out role);
return role ?? "";
}
public void SetRole(Control control, string role)
{
if (control == null) return;
bool add = false, remove = false;
if (string.IsNullO rEmpty(role))
{
remove = map.Remove(cont rol);
}
else
{
add = !map.ContainsKe y(control);
map[control] = role;
}
if (!DesignMode)
{
SetEnabled(cont rol);
if (add)
{
control.ParentC hanged += control_ParentC hanged;

>

}
else if (remove)
{
control.ParentC hanged -= control_ParentC hanged;
}
}
}
private void SetEnabled(Cont rol control)
{
if (DesignMode || control == null) return;
string role;
if (map.TryGetValu e(control, out role))
{
IPrincipal principal = Thread.CurrentP rincipal;
control.Enabled = principal == null ? false :
principal.IsInR ole(role);
}
}
void control_ParentC hanged(object sender, EventArgs e)
{
SetEnabled(send er as Control);
}
bool IExtenderProvid er.CanExtend(ob ject obj)
{
return obj is Control;
}
}

>

Thanks..

>

How will i use the RoleDisabler ? would i drag it from the toolbar
like tooltip?

>
That was great.. thanks...
I have a question..
When will the SetEnabled function execute?

I think i got it. thanks..once again..you were a life saver..

**Marc Gravell** · Jun 27 '08, 07:43 PM

Re: Implement authorization in win forms

When will the SetEnabled function execute?

When not in the designer (DesignMode), it executes when you either
change the role (SetRole), or when the control is added to a parent.
The reason for this second bit is this is always the last thing that
designer-generated code does - so it will take precendence over the
designer.

I think i got it. thanks..once again..you were a life saver..- Hide quotedtext -

No problem; I'm always up for an excuse to mess in the
System.Componen tModel ;-p

Marc

**Marc Gravell** · Jun 27 '08, 07:43 PM

Re: Implement authorization in win forms

Basically I need function RoleLevel( role, department) which returns access

level.

The inbuilt roles-based security (IPrincipal) only covers single-
dimension roles. You can of course shim this by using roles like
SOMEDEPT_EDIT, SOMEDEPT_READ etc; whether that is sensible or not
depends on the scenario. Another option is NT ACLs, but then you need
to impersonate into that NT user - but it can be very flexible.

Marc

**parez** · Jun 27 '08, 07:43 PM

Re: Implement authorization in win forms

On Apr 11, 5:06 pm, Marc Gravell <marc.grav...@g mail.comwrote:

When will the SetEnabled function execute?

>
When not in the designer (DesignMode), it executes when you either
change the role (SetRole), or when the control is added to a parent.
The reason for this second bit is this is always the last thing that
designer-generated code does - so it will take precendence over the
designer.
>

I think i got it. thanks..once again..you were a life saver..- Hide quoted text -

>
No problem; I'm always up for an excuse to mess in the
System.Componen tModel ;-p
>
Marc

Hi,

I just one more issue... If a control has sub-control(compone nt) then
it does not show up for the sub components.
e.g MenuStrip control has ToolStripMenuIt em children. How do I make
it show up(in properties) for those controls.

TIA

**Marc Gravell** · Jun 27 '08, 07:43 PM

Re: Implement authorization in win forms

I just one more issue... If a control has sub-control(compone nt) then

it does not show up for the sub components.
e.g MenuStrip control has ToolStripMenuIt em children. How do I make
it show up(in properties) for those controls.

I suspect that is because ToolStripMenuIt em isn't a Control, and I
restricted it to Controls; Changed as below (I also removed the events
stuff - didn't seem necessary in hindsight):

[ProvideProperty ("Role", typeof(Control) )]
[ToolboxItemFilt er("System.Wind ows.Forms")]
[Description("Pr ovides automatic role-checking")]
public class RoleDisabler : Component, IExtenderProvid er
{
private Dictionary<obje ct, stringmap
= new Dictionary<obje ct, string>();
[DefaultValue("" )]
public string GetRole(object obj)
{
if (obj == null) return "";
string role;
map.TryGetValue (obj, out role);
return role ?? "";
}
public void SetRole(object obj, string role)
{
if (obj == null) return;
if (string.IsNullO rEmpty(role))
{
map.Remove(obj) ;
}
else
{
map[obj] = role;
}
if (!DesignMode)
{
SetEnabled(obj) ;
}
}
private void SetEnabled(obje ct obj)
{
if (DesignMode || obj == null) return;
string role;
if (map.TryGetValu e(obj, out role))
{
IPrincipal principal = Thread.CurrentP rincipal;
bool isInRole = principal == null ? false :
principal.IsInR ole(role);
if (obj is Control)
{
((Control)obj). Enabled = isInRole;
}
else if (obj is ToolStripItem)
{
((ToolStripItem )obj).Enabled = isInRole;
}
}
}
bool IExtenderProvid er.CanExtend(ob ject obj)
{
return obj is Control || obj is ToolStripItem;
}
}

**parez** · Jun 27 '08, 07:43 PM

Re: Implement authorization in win forms

On Apr 14, 4:01 pm, Marc Gravell <marc.grav...@g mail.comwrote:

I just one more issue... If a control has sub-control(compone nt) then
it does not show up for the sub components.
e.g MenuStrip control has ToolStripMenuIt em children. How do I make
it show up(in properties) for those controls.

>
I suspect that is because ToolStripMenuIt em isn't a Control, and I
restricted it to Controls; Changed as below (I also removed the events
stuff - didn't seem necessary in hindsight):
>
[ProvideProperty ("Role", typeof(Control) )]
[ToolboxItemFilt er("System.Wind ows.Forms")]
[Description("Pr ovides automatic role-checking")]
public class RoleDisabler : Component, IExtenderProvid er
{
private Dictionary<obje ct, stringmap
= new Dictionary<obje ct, string>();
[DefaultValue("" )]
public string GetRole(object obj)
{
if (obj == null) return "";
string role;
map.TryGetValue (obj, out role);
return role ?? "";
}
public void SetRole(object obj, string role)
{
if (obj == null) return;
if (string.IsNullO rEmpty(role))
{
map.Remove(obj) ;
}
else
{
map[obj] = role;
}
if (!DesignMode)
{
SetEnabled(obj) ;
}
}
private void SetEnabled(obje ct obj)
{
if (DesignMode || obj == null) return;
string role;
if (map.TryGetValu e(obj, out role))
{
IPrincipal principal = Thread.CurrentP rincipal;
bool isInRole = principal == null ? false :
principal.IsInR ole(role);
if (obj is Control)
{
((Control)obj). Enabled = isInRole;
}
else if (obj is ToolStripItem)
{
((ToolStripItem )obj).Enabled = isInRole;
}
}
}
bool IExtenderProvid er.CanExtend(ob ject obj)
{
return obj is Control || obj is ToolStripItem;
}
>
}

I tried that .. It did not work... it still doesnt show it..

**Marc Gravell** · Jun 27 '08, 07:43 PM

Re: Implement authorization in win forms

Curoious - even though it accepts multiple ProvideProperty Attribute
declarations, only the first is used... never mind; change the
[ProvideProperty] line to:

[ProvideProperty ("Role", typeof(Componen t))]

Marc

**stv.dmsk@gmail.com** · Jun 27 '08, 07:44 PM

Re: Implement authorization in win forms

On Apr 10, 10:49 pm, parez <psaw...@gmail. comwrote:

Whats the best way of implementingaut horizationin a win forms
application.
I mean things like show/hide or enable/disable Save button ,creating
context menus etc.

Hi,

Visual Guard .Net is probably a good solution:

Visual Guard - Identity and Access Management

http://www.visual-guard.com/EN/.net-security-user-role-permission/identity-management-access-control-authentication-tool#admin

Combine user management with Authentication, Permissions and Auditing features for any Application

**parez** · Jun 27 '08, 07:44 PM

Re: Implement authorization in win forms

On Apr 14, 4:01 pm, Marc Gravell <marc.grav...@g mail.comwrote:

I just one more issue... If a control has sub-control(compone nt) then
it does not show up for the sub components.
e.g MenuStrip control has ToolStripMenuIt em children. How do I make
it show up(in properties) for those controls.

>
I suspect that is because ToolStripMenuIt em isn't a Control, and I
restricted it to Controls; Changed as below (I also removed the events
stuff - didn't seem necessary in hindsight):
>
[ProvideProperty ("Role", typeof(Control) )]
[ToolboxItemFilt er("System.Wind ows.Forms")]
[Description("Pr ovides automatic role-checking")]
public class RoleDisabler : Component, IExtenderProvid er
{
private Dictionary<obje ct, stringmap
= new Dictionary<obje ct, string>();
[DefaultValue("" )]
public string GetRole(object obj)
{
if (obj == null) return "";
string role;
map.TryGetValue (obj, out role);
return role ?? "";
}
public void SetRole(object obj, string role)
{
if (obj == null) return;
if (string.IsNullO rEmpty(role))
{
map.Remove(obj) ;
}
else
{
map[obj] = role;
}
if (!DesignMode)
{
SetEnabled(obj) ;
}
}
private void SetEnabled(obje ct obj)
{
if (DesignMode || obj == null) return;
string role;
if (map.TryGetValu e(obj, out role))
{
IPrincipal principal = Thread.CurrentP rincipal;
bool isInRole = principal == null ? false :
principal.IsInR ole(role);
if (obj is Control)
{
((Control)obj). Enabled = isInRole;
}
else if (obj is ToolStripItem)
{
((ToolStripItem )obj).Enabled = isInRole;
}
}
}
bool IExtenderProvid er.CanExtend(ob ject obj)
{
return obj is Control || obj is ToolStripItem;
}
>
}

Hi Marc,

I added the following to the RoleDisabler .. and now it also enables /
disables everytime my permission changes..
Thanks again..

private void HookUpEventhand lers()
{

UserAccessInfo. UserPermissions Updated += new
EventHandler<Ev entArgs>(UserAc cessInfo_UserPe rmissionsUpdate d);
}

void UserAccessInfo_ UserPermissions Updated(object sender,
EventArgs e)
{
foreach (object obj in map.Keys)
{
try
{
SetEnabled(obj) ;
}
catch(Exception ex)
{

Trace.WriteLine If(Logger.Insta nce.TraceSwitch .TraceError,
ExceptionUtilit y.GetInnerMostE xception(ex).Me ssage);
}
}
}

**Martin** · Jul 16 '08, 11:15 PM

Implement authorization in win forms

Hi Marc

Firstly thanks for posting your code - it's proving very useful for me (and many others I'm sure).

I've tested the code on my forms and it seems to deal very well with most things but "falls down" a little with things like datagridviews etc where more than one property would be bound - the code you've posted can happily enable/disable the entire control (i.e. all cols) but how would you go about hiding/making readonly some columns dependent on roles (i.e. "CanView"/"CanEdit" type properties?

Thanks in advance
Martin

Implement authorization in win forms

Implement authorization in win forms

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment