Authorization determines whether an identity should be granted access to a specific resource. ASP.NET maps users and roles to URLs in ASP.NET applications. With URL authorization, you explicitly allow or deny access to a particular directory by user name or role. When your application's URL authorization requirements are satisfied by user name or role, you can use the ASP.NET authorization module.
Note: ASP.NET also supports file authorization. File authorization checks the access control list (ACL) of the .aspx or .asmx handler file to determine whether a user should have access to the file. For more information, see ASP.NET Authorization on MSDN.
The Composite Web Application Block includes two services that you can use to implement rule-based authorization for URLs:
- IAuthorizationRulesService. This manages a mapping of rules to URLs.
- IAuthorizationService. This implements the authorization check for a rule.
Figure 1 illustrates the rule-based authorization HttpModule.
Figure 1
Rule-based authorization module
The AuthorizationRules class implements the IAuthorizationRules service using a collection of URLs (strings), where each URL is associated with a collection of rule identifiers (strings). Figure 2 illustrates the AuthorizationRulesService service.
Figure 2
AuthorizationRulesService service
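The following added example, which is not code from the Composite Web Application Block, shows a URL-to-rule map and a per-rule check working together for one request. `UrlRuleMap`, `RulePasses` and `IsAuthorized` are hypothetical names, and the policy (every mapped rule must pass, a URL with no rules is allowed, a rule identifier names a required role, URL keys compare case-insensitively) is an assumption.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Security.Principal;

// Hypothetical stand-in for a URL-to-rule map: each URL holds a set of rule identifiers.
class UrlRuleMap
{
    // Case-insensitive keys: IIS paths are not case-sensitive, so "/Admin/Users.aspx"
    // must resolve to the rules registered for "/admin/users.aspx".
    private readonly Dictionary<string, HashSet<string>> _rules =
        new Dictionary<string, HashSet<string>>(StringComparer.OrdinalIgnoreCase);

    public void Register(string url, string ruleId)
    {
        if (!_rules.TryGetValue(url, out var set))
            _rules[url] = set = new HashSet<string>();
        set.Add(ruleId);
    }

    public IEnumerable<string> RulesFor(string url) =>
        _rules.TryGetValue(url, out var set) ? set : Enumerable.Empty<string>();
}

static class Program
{
    // Hypothetical rule evaluator (assumption): a rule id names the role the caller must hold.
    static bool RulePasses(string ruleId, IPrincipal user) => user.IsInRole(ruleId);

    // Assumed policy: every rule mapped to the URL must pass; a URL with no rules is allowed.
    static bool IsAuthorized(UrlRuleMap map, string url, IPrincipal user) =>
        map.RulesFor(url).All(rule => RulePasses(rule, user));

    static void Main()
    {
        var map = new UrlRuleMap();
        map.Register("/admin/users.aspx", "Administrators"); // constructed sample data
        map.Register("/admin/users.aspx", "Auditors");

        var admin = new GenericPrincipal(new GenericIdentity("alice"), new[] { "Administrators", "Auditors" });
        var clerk = new GenericPrincipal(new GenericIdentity("bob"), new[] { "Auditors" });

        Console.WriteLine(IsAuthorized(map, "/admin/users.aspx", admin)); // holds both roles
        Console.WriteLine(IsAuthorized(map, "/Admin/Users.aspx", clerk)); // different casing, one rule fails
        Console.WriteLine(IsAuthorized(map, "/default.aspx", clerk));     // no rules mapped to this URL
    }
}
```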
The Composite Web Application Block also includes an implementation of a service that uses the Enterprise Library Security Application Block. You can configure the Security Application Block to use Authorization Manager, a rule-based provider, or a custom authorization provider. Figure 3 illustrates the EnterpriseLibraryAuthorizationService.
Figure 3
EnterpriseLibraryAuthorizationService