Hi all,
I'm interested in some opinions from you regarding role-based security.
The GenericPrincipal object in .NET propagates that only roles should be used for authorization of business logic access.
So what do you do? You write the role names hardcoded in your source code.
For example IsInRole("Salesman"). The problem now is: what do you do if the business logic changes? First the Windows user in the role "Salesman" can add new data. After a reorganization, Salesman should only edit data.
Perhaps the permission logic is an evolving process while programming the software.
A workaround for that could be that you write an extra piece of software that maps Windows user accounts to roles that are mapped to rights. But this seems like overhead.
Are there any "best practices" for this issue?
Thanks in advance,
Stephan
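An added example (not from the poster) of the role-to-rights mapping the question describes, kept inside the .NET model: GenericPrincipal still carries only role names, but the business logic checks a permission, and a small table (assumed to be loaded from configuration in a real system) decides which roles grant it. Unknown roles grant nothing, so the check fails closed; the role names and permissions are constructed for the example.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Security.Principal;

// Permissions are what the business logic asks about; roles are what Windows hands us.
enum Permission { ReadSales, AddSales, EditSales }

static class RolePermissions
{
    // Role -> permissions table. Assumed to be read from a config file or database
    // in a real system, so a reorganization changes data rather than source code.
    // Roles missing from the table grant no permissions (deny by default).
    static readonly Dictionary<string, HashSet<Permission>> Map =
        new Dictionary<string, HashSet<Permission>>(StringComparer.OrdinalIgnoreCase)
        {
            ["Salesman"]     = new HashSet<Permission> { Permission.ReadSales, Permission.EditSales },
            ["SalesManager"] = new HashSet<Permission> { Permission.ReadSales, Permission.AddSales, Permission.EditSales },
        };

    // Grant if any role the principal holds maps to the requested permission.
    public static bool HasPermission(IPrincipal user, Permission p) =>
        Map.Where(kv => user.IsInRole(kv.Key)).Any(kv => kv.Value.Contains(p));
}

static class Demo
{
    static void Main()
    {
        // A GenericPrincipal built from roles only, as the framework intends
        // (constructed sample; in production this comes from the Windows logon).
        var identity = new GenericIdentity("stephan");
        IPrincipal salesman = new GenericPrincipal(identity, new[] { "Salesman" });
        IPrincipal guest    = new GenericPrincipal(new GenericIdentity("guest"), new[] { "Visitor" });

        // Business logic checks the permission, never the role name.
        Console.WriteLine(RolePermissions.HasPermission(salesman, Permission.EditSales)); // True
        Console.WriteLine(RolePermissions.HasPermission(salesman, Permission.AddSales));  // False after the reorg
        Console.WriteLine(RolePermissions.HasPermission(guest, Permission.ReadSales));    // False: unmapped role
    }
}
```

Moving "Salesman" from AddSales to EditSales is then a one-line change to the table (or to its backing configuration), and every IsInRole call site stays untouched.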