Do you plan on releasing a default RoleProvider implementation for ASP.NET? I've crafted my own, but I figure yours would likely be more secure/stable, and other users could benefit from it.

Also, with your security system model, it might be valuable to provide one that is driven not by roles, but rather by permissions. For example, when using AuthorizeAttribute, it's probably better to be able to specify a required permission... then check if the user's roles have that permission.

asked Nov 19 '11 at 09:10

ara's gravatar image

ara
395858791

edited Nov 19 '11 at 09:12

"when using AuthorizeAttribute" - you mean you're using ASP.NET MVC?

(Nov 20 '11 at 03:30) Alex Yakunin Alex%20Yakunin's gravatar image

Yes, that's correct.

(Nov 20 '11 at 04:13) ara ara's gravatar image

One Answer:

Ara,

Security layer is still under development, so we are thinking of right permission-based implementation.

As for the RoleProvider, if you have already invented one, it would be great if you could contribute it to the project so we could adapt it. I'm sure, it would save us hours and days of work time.

Thanks.

answered Nov 20 '11 at 07:53

Dmitri%20Maximov's gravatar image

Dmitri Maximov
22111211

Your answer
Please start posting your answer anonymously - your answer will be saved within the current session and published after you log in or create a new account. Please try to give a substantial answer, for discussions, please use comments and please do remember to vote (after you log in)!
toggle preview

powered by OSQA