Authorization Assistance - Reason for PermissionCatalog?

Topics: Web Client Software Factory
Feb 2, 2007 at 4:08 PM
Kudos to the team responsible for the WCSF. It is an awesome 1.0 release and I look forward to its further development. The documentation is awesome, too.

I could use a little help with understanding Authorization, however, as I couldn't find detailed coverage on it.

Using the Reference Implementation as a guide I was able to get Authorization working successfully in my own test project, but I don't quite understand the reasons for all of the changes to enable authorization.

It seems like the following steps are necessary:

1) Enabling Forms Authentication and creating Login Page
2) Disabling anonymous access where necessary within web.config(s): deny access = "?"
3) Mapping Roles to Rules in main web.config - EntLib Version
4) Mapping URLs to Rules in each module web.config
5) Adding Actions to PermissionCatalog in each module initializer
6) Mapping Rules to SiteMapNodes in module initializer to remove nodes based on roles

I can understand all parts except number 5. Why am I adding actions to a permissions catalog? What is the role of the permissions catalog when I have already mapped URLs to rules in the module web.config?

Any assistance on setting up Authorization is appreciated. I am curious about the steps needed and the reasons for the steps assuming forms authentication like the reference implementation.




David Hayden
Microsoft MVP C#
Feb 2, 2007 at 10:51 PM
Hi David

I believe the reason for the Permission catalog is admin of these rights. You have to have a place where you define one permission and its description. You can't use a rule without having an action defined.

The module has to know all the actions it exposes; then you can administer these rights and give them to users/roles. When you are mapping URLs to rules in number 4, you are using actions from a module. But you are not defining them. So you have to give them a good description.

I have been on a rather large project that did it this way (not as elegantly, though) and I like this solution. I have started the task of rewriting the whole solution to use the WCSF approach.

Sorry, this is not an explanation, but this is how I think the guys behind the Factory have reasoned.

Feb 4, 2007 at 9:12 PM
Thanks, Benny.

Since there are so many steps, this is an opportunity for the team to make the process a lot easier in the next version :)




David Hayden
Microsoft MVP C#
Feb 5, 2007 at 11:26 AM
Steps 1 & 2 are something the Guidance Package should deliver out of the box. One checkbox and you get this.

Step 3 is not a good solution. If you have a big web application, like I have, this is too time-consuming. In our solution we automatically assign all rules to the administrator role. And then one administrator has to assign rules to other roles in the GUI.

Step 4 should maybe have been merged together with step 5.

I don't understand why SiteMapNodes are assigned to roles. It would maybe have been more elegant to assign rules to them?