Table or row level security in ASP.NET MVC 5 and Entity Framework 6

asp.net-mvc asp.net-mvc-5 authentication entity-framework entity-framework-6

Popular Answer

Zzz-5-Zzz is what you require.

Axiomatics, the firm I work for (disclosure: I work there), has a policy-driven solution for data filtering and masking. It means that it is feasible to limit what a user can SELECT, INSERT, and DELETE depending on policies and characteristics.

It functions by having you define a policy, such as:

  • Only when userId == assignedDoctor may a user with the role of doctor perform the action == SELECT on the table == MEDICALRECORD.

Then you put a proxy between the application and the database, which will intercept the flow and insert the appropriate SQL filter statement (usually a WHERE clause), for example:

  • SQL uncovered:SELECT * FROM medicalrecords
  • Clause produced at:WHERE medicalrecords.assignedDoctor='Alice'
  • Last SQL command submitted to the database:SELECT * FROM medicalrecords WHERE medicalrecords.assignedDoctor='Alice'

The policies provide attribute-based access control and are in the standard format xacml (also known as abac).

You might find the following links helpful:

1
6/1/2015 2:35:54 PM


Related Questions





Related

Licensed under: CC-BY-SA with attribution
Not affiliated with Stack Overflow
Licensed under: CC-BY-SA with attribution
Not affiliated with Stack Overflow