Can we override the Authorization Module to write custom access rules? (.NET 2.0)

[dorionda]

Hi everyone,

Is it possible to override the Authorization Module so that I could add
a custom parameter to the <allow> tag in the Web.Config?

example:

<configuration>
<system.web>
<authorization>
<allow usersInGroup="Group A"/> /*<< custom parameter here */
<allow roles="student"/>
<deny users="*"/>
<deny roles="*"/>
<deny usersInGroup="*"/>
</authorization>
</system.web>
</configuration>

 

[Joe Kaplan \(MVP - ADSI\)]

You would need to write your own. It is not inhertible.

Have you considered just adding "Group A" to the user's roles? You could
add a shim module that would run after authentication that would create a
new IPrincipal and stuff some additional roles in there or something.

Joe K.

 

[Dominick Baier [DevelopMentor]]

i don't see a difference between roles and usersInGroup???!!!

 

[Joe Kaplan \(MVP - ADSI\)]

Perhaps he can elaborate on what he is trying to do? Maybe there is some
hybrid of application-specific roles he is generating and AD groups and we
wants to use both or something? It isn't clear to me. It still seems like
a composite IPrincipal object would be the way to go.

Joe K.