C＃Windows应用程序中基于许可证的配置

Question

I am working on a Windows application in C# (.NET 4.0) and need something to implement some basic ACL rules or more specifically, apply certain configurations based on the user type.

The application has license keys that we are able to use to determine the user type (ie User, Installer, Engineer) among other pieces of information.

Based on the type of user, certain features, menus, buttons, and display data will be different. I could just hard code showing and hiding of these elements in the application based on the user type, but we have a permissions matrix that defines the permissions so I would like to create an ACL so we could easily audit the matrix to the application code.

I have looked around but a lot of the ACL and security code in the System.Security namespace seem to be made for Windows and Filesystem ACLs.

Can someone recommend any existing classes (preferably free) that implement simple ACL's in C#.

I just need to be able to do something like this:

ACL acl = new ACL();
acl.addRole("User");
acl.addRole("Manufacturer");

acl.addResource("SpecialButton");

acl.deny("SpecialButton");
acl.allow("SpecialButton", "Manufacturer");

// so later in my app I can do

theUserType = "Manufacturer";
// ...
if (acl.isAllowed(theUserType, "SpecialButton")) {
    SpecialButton.Visible = true;
}

I'm not looking to try to stop people from tampering with code at runtime, if they want to go out of their way to do that then they can, but I would like an easy way to create and query the ACL's to determine how the GUI looks and what options are available when the program is loaded based on the key.

It's easy enough to create this but if it is already done then that is even better.

Answer 1

If you are deploying your app to Windows 7 or Windows Server 2003/2008, you might want to consider using the free Authorization Manager functionality that comes with Windows.

See here for a full overview from Microsoft.

Essentially, it allows you to define Roles, the Tasks that each Role can perform, and the Operations permissible in each Task.

There is an API which you can use from your C# app to query the Authorization Store, so you can then query what Operations are available to a particular Role. This will give you back an aggregate list of the Operation numbers assigned to that role. Then you can test for the existence of a particular operation (or if it is missing) and customize your UI accordingly.

HTH, Dean.

Answer 2

There really isn't much to what you are talking about.

You have Roles and Roles have Attributes. A single attribute might appear in one or more roles. Simple enough.

The license key defines the role in use. From that, load the list of attributes which could be either a stand alone list of characters ("OPENCONTACT", "EDITCONTACT", DELETECONTACT") or name value pairs (100=OPENCONTACT, 101=EDITCONTACT, etc)

Although you can use AzMan for this, it's a bit more than it sounds like you need.

The Role / Attribute list could be delivered as an encrypted resource that's loaded at runtime...