One bit masks for Access Control (setting permissions) in your asp.net applications.

Tuesday, October 2, 2007

All posts have moved to Typps

See you there.

Alessandro

9 Comments

How would you implement this using a Access Database?

OfficialBoss - Monday, October 15, 2007 5:55:22 PM

You only need a single field to store you OR'ed bitmask value. Does not matter what database you use.

alessandro - Monday, October 15, 2007 7:03:47 PM

Hi - Great post :)

Forgive me if I have missed something here - I see how you grant permissions by adding the values to the "bucket" but how do you revoke a permisson? Can you post an example of the code to remove the "post" permission from a user who has all 3 permissons? I have an application using bitmasks to control runtime options and there are quite a few. Assembling some static combinations just isn't possible.

Help!

Lee - Wednesday, April 16, 2008 9:48:01 AM

hi Lee, to clear a flag you can use the bitwise &(AND) operator combined with the ~(NOT). I have covered both the bitwise (&) / (~) operators in a previous post.

You can read about them here : http://weblogs.asp.net/alessandro/archive/2007/10/02/bitwise-operators-in-c-or-xor-and-amp-amp-not.aspx

protected void Page_Load(object sender, EventArgs e)
{
int View = 1;
int Post = 2;
int Reply = 4;
int ViewAndPostAndReply = View | Post | Reply;
Response.Write(string.Format("
{0}: View and post and reply", ViewAndPostAndReply));
int removePost = ViewAndPostAndReply &~Post;
Response.Write(string.Format("
{0}: Removed post", removePost));
if ((removePost & Post) == Post)
Response.Write("
Permission has post privileges");
else
Response.Write("
Permission does not have post privileges");
}

have a good day

alessandro - Wednesday, April 16, 2008 10:33:20 AM

Great post :)

I have one quick question. Can we use this with Code Security attributes (PrincipalPermissionAttributes)? Can you please share your thoughts on this.

Thanks

Krishna - Tuesday, August 26, 2008 3:39:17 PM

You could replace the static ints with the following, correct?
[Flags]
public enum testing
{
View = 1,
Post = 2,
Reply = 4,
ViewAndReply = 5
}

Anon - Tuesday, November 18, 2008 7:39:04 PM

Great post! Regarding Anon's question - assigning ViewAndReply = 5 - I think that won't work, since 5 is not a power of two. Am I correct?

captB - Sunday, January 10, 2010 6:46:26 AM

Thanks for the clean and simple explanation.

Punit - Thursday, September 2, 2010 7:44:46 PM

Great post! Thank you. The comment about negating or revoking a permission was helpful as well, as my current project requires both.

I do have to disagree with one point though. Us programmers tend to like our data stored in a way which closely mirrors what we intend to do with it, but it's always better to keep your data normalized even if you want to consume it in a flattened state.

For instance:

Let's say I have a Roles table:

RoleId RoleName
------ --------
1 View
2 Edit

And I have a linker table to a Users table called UserRoles

UserId RoleId
------ ------

In my code I have an enum for Roles:

public enum Roles
{
View,
Edit
}

Using Linq it's pretty easy to flatten my data into the "buckets" I prefer to work with:
(assume userId was passed into this method)

var userRoles = context.UserRoles
.Where(ur => ur.UserId == userId)
.Select(ur => new
{
UserId = ur.UserId,
RoleName = ur.Role.RoleName
})
.ToList();

return userRoles
.GroupBy(ur => ur.UserId)
.Select(s => new
{
UserId = s.Key.UserId,
RolesBitMask = r
.Select(m => Enum.Parse(typeof(Roles), m.RoleName))
.Aggrigate((allRoles, role) => allRoles | role)
})
.ToList();

//this returns a list of objects which each include the userId and the role bitmask. And my data is properly nomalized!!

LucidObscurity - Thursday, January 13, 2011 1:03:50 AM

Comments have been disabled for this content.