M# Tutorials

Learn to build .NET applications with M#. Our step-by-step tutorials will get you up-to-speed rapidly.
If you already know ASP.NET and C#, you can master M# in a week or two.

Role Based Security

In the previous tutorial “User Authentication”, we looked at M# framework implementation for managing user authentication. Authentication only identifies a legitimate user but being a legitimate user often does not fulfil the security requirements and therefore the concept of authorization is put in place.

Implementing authorization involves applying restriction for certain areas, which are designated to specific group(s) and only allowing a legitimate user of that specific group to access the information. These groups are called roles and in this tutorial we will discuss how M# allows developers to implement role based authorization.

Defining Roles

Roles are defined in the project settings in M# as simple text. These roles are then allocated in Business logic for each entity type which implements IUser Interface. In order to allocate a role for any IUser type entity you implement “GetRoles” method defined in the IUser interface. Detailed information on managing roles is discussed in tutorial Role in chpater 13.

Implementing Roles

M# allows developers to implement role based security using attributes available on pages, modules, elements and buttons etc. M# displays a list of all the roles defined in Project settings and lets developers choose single or multiple roles for the specific content in the website.

M# provides attributes for managing visibility of content and execution of code e.g. “Visibility. Roles” for managing role based visibility of modules and elements, “Criteria. Roles” for managing role based code execution and “Roles” to manage access to pages etc.

For detail on implementing roles on pages, please read tutorial Roles in chapter 6.

For details on managing role based visibility, please read tutorial Visibility in chapter 7.