The beauty of ASP.Net is that some of the core framework components can be replaced by custom implementations by writing the appropriate Provider classes by using the Provider Model.
In the following series of article, I will show a customer implementation of the ASP.Net Membership Providers to extend the Memberships.
Reason of extension
The current Membership implementation is role-based i.e. the user should be in a role to be able to access a feature of your application.
For example, if we have a page with some UI elements whose access depends on role assigned to the user, we can imagine to write code as below:
bool has_access_role1 = this.Page.User.IsInRole("Role1"); bool has_access_role2 = this.Page.User.IsInRole("Role2"); if(has_access_role1) { // do something with Role 1... } if(has_access_role2){ // do something with Role 2... }
There are a couple of important but subtle assumptions being made in this code snippet:
- There is an assumption of knowing all the Roles, their names & behavior in the application
- The implementation and responsibilities of that Role are baked into the application and if there is any future change in this, the code will also need to change
While this is acceptable in most scenarios, I would prefer having another level of abstraction which will remove some of these assumptions and code dependencies.
Introducing Access Points
The implementation I am showing below called as “Access Points” provides this abstraction and is a concept I have been working with in some of my other projects.
- Each protected element is associated with a single entity called “Access Point” which has is a simple boolean (TRUE|FALSE)
- Access Points are assigned to a Role or a User
- When an Access Point is assigned to a Role, the User get assigned to that Access Point by virtue of being assigned to the Role
- When an Access Point is assigned to a User, it an additional permission which can be set per-user basis
With this implementation, we should be able to re-write the above code sample as below:
var has_access_point1 = (this.Page.User as IAccessPointAware) .HasAccessPoint("AccessPoint1"); var has_access_point2 = (this.Page.User as IAccessPointAware) .HasAccessPoint("AccessPoint2"); if(has_access_point1){ // do something... } if(has_access_point2){ // do something more... }
Some of the advantages this mechanism gives us are:
- The application has a finite set of control points, which is governed by the developers of the application
- The Application Administrators can create roles for the application and assign Access Points to that role as needed
- There is no dependency between the code written in the application and the implementation of the roles for the application
- With this, the Application Administrators can add/update/delete roles as needed without any impact on the application
- If a single user needs a permission or access to a single element, the Application Administrator can assign that Access Point to the single user
Next steps
If this something that interests you, please follow on to the next part this series which covers:
- Part 1 – an introduction to the Access Point concept
- Part 2 – database changes needed to enable Access Points
- Part 3 – code to enhance the ASP.Net Memberships and Roles
- Part 4 – some common usage patterns and advantages
- Part 5 – a simple UI implementation to show use of Access Points
- Part 6 – an admin console to manage Access Points
Happy Coding!
References
4GuysFromRolla 2005, A look at ASP.Net 2.0’s Provider Model – http://www.4guysfromrolla.com/articles/101905-1.aspx
Rob Howard, Provider Model Design Pattern and Specification – http://msdn.microsoft.com/en-us/library/ms972319.aspx