I need to implement a security framework for a multiuser application that is in the design phase. I intend to use a Role based access control RBAC Security model (- BUT which can be further refined by the user adding additional privileges).
Are there any existing C# "security frameworks" that I can use (at least as a starting ground), or do I have to write it from scratch?
As an aside, I would prefer a "pure library" approach - as I don't want to be constrained to desktop or web application type using the security framework.
The .NET framework makes it very easy to implement Role-Based security in your application. Enforcing security consists of two parts, Authentication and Authorization. The .NET framework provides access to the user through an identity and authorization access through a principal. Thread.CurrentPrinicpal gives you access to the current principal assigned to the executing thread.
You can implement role based security framework easily by using IPrincipal and IIdentity interfaces.
Here is a complete example to create your RB security framework.