Objective
To implement a security layer on your application
Assignment
The security layer of any application must always be a well-documented layer that ensures that information and data are only available to those who should have access. This access can cover all elements of a CRUD application, and users who have Create access do not necessarily have Update and/or Delete access.
For this assignment you will document the security requirements and plan for the application. This will also include how the security will be implemented. Microsoft has a complete, robust set of classes to manage this in their membership model, and it is well worth looking at this model – https://docs.microsoft.com/en-us/dotnet/api/system.web.security.membership?view=netframework-4.7.2
Your submission will be a link to your documentation along with a single example of a deployed security layer. You can demonstrate this by providing 2 levels of access and any action (Update or Delete works well) that is accessible to one role and not to another. You can provide this in your documentation and submit the documentation with screen captures.
In addition to the security layer – you will also have to provide an interface to manage these roles and this must also be documented. You MAY use pre-packaged role management based on your development environment – but you will also need to document this.
Resources
Role Based Security – Role based security is probably the most common of the security protocols. The typical role based security uses subjects, roles, and permissions (sometimes other names are used). Subjects can have multiple roles and roles almost always have multiple subjects. Roles are assigned permissions to different resources. The mapping of a subject, role, and permission is sometimes called a Session. Roles in role based security can be User, Admin, Editor and these can include many Permissions. You can read about role based security at https://en.wikipedia.org/wiki/Role-based_access_control
Microsoft ASP.NET Role Based Security – In the Microsoft world role based security is built into .NET and is called the Membership model. It is easy to implement as all classes are already built into .NET. More is available at https://docs.microsoft.com/en-us/aspnet/web-forms/overview/moving-to-aspnet-20/membership
Microsoft Core Security Model – With .NET 4.5 Microsoft updated the model; the full current documentation is at https://docs.microsoft.com/en-us/dotnet/api/system.web.security.membership
A good article that covers the Microsoft authentication model step by step is here – https://code.msdn.microsoft.com/ASPNET-MVC-5-Security-And-44cbdb97
A really good video that will get you completely through this is at – http://pluralsight.com/training/Player?author=scott-allen&name=aspdotnet-mvc5-fundamentals-m3-identity&mode=live&clip=0&course=aspdotnet-mvc5-fundamentals
Node.js Role Based Security – All of the stacks typically have support for authentication or a method to use a library. Node is no exception and you can read a lot about the model at https://blog.nodeswat.com/implement-access-control-in-node-js-8567e7b484d1
Others – Each student in this class is using a different stack (the number of stacks is the same as the number of students). Please send me the links you have researched for your respective stack and I will include them here.
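The subject, role and permission model from the Role Based Security entry, applied to the two-role demonstration the assignment asks for, as an added example (not part of the original assignment and not any library's API). The Rbac class, the Admin and Editor permission sets, the subjects root and alice, and the article resource are all assumptions made for illustration; it is plain JavaScript that runs under Node.js.

```javascript
// Added example. Role names, subjects and the "article" resource are constructed.
class Rbac {
  // roles: { roleName: ["resource:action", ...] }; seed: { subject: [roleName, ...] }
  constructor(roles, seed) {
    this.rolePerms = new Map(Object.entries(roles).map(([r, p]) => [r, new Set(p)]));
    this.subjectRoles = new Map(Object.entries(seed).map(([s, r]) => [s, new Set(r)]));
  }
  // Deny by default: an unknown subject, role or permission yields false.
  can(subject, resource, action) {
    for (const role of this.subjectRoles.get(subject) ?? []) {
      if (this.rolePerms.get(role)?.has(`${resource}:${action}`)) return true;
    }
    return false;
  }
  // Guard to call at the top of every protected action.
  require(subject, resource, action) {
    if (!this.can(subject, resource, action)) {
      throw new Error(`forbidden: ${subject} may not ${action} ${resource}`);
    }
  }
  // Role management is itself protected by the "role:assign" permission.
  assign(actor, subject, role) {
    this.require(actor, "role", "assign");
    if (!this.rolePerms.has(role)) throw new Error(`unknown role: ${role}`);
    if (!this.subjectRoles.has(subject)) this.subjectRoles.set(subject, new Set());
    this.subjectRoles.get(subject).add(role);
  }
  revoke(actor, subject, role) {
    this.require(actor, "role", "assign");
    this.subjectRoles.get(subject)?.delete(role);
  }
}
function demo() {
  const rbac = new Rbac({
    Admin: ["article:create", "article:read", "article:update", "article:delete", "role:assign"],
    Editor: ["article:create", "article:read", "article:update"], // Create and Update, no Delete
  }, { root: ["Admin"] }); // one seeded administrator, so roles can be managed at all
  rbac.assign("root", "alice", "Editor");
  const articles = new Map([[1, "draft"]]);
  const remove = (who, id) => { rbac.require(who, "article", "delete"); return articles.delete(id); };
  const attempt = (fn) => { try { return fn(); } catch (e) { return e.message; } };
  return {
    editorUpdate: rbac.can("alice", "article", "update"),
    editorDelete: attempt(() => remove("alice", 1)),
    selfPromote: attempt(() => rbac.assign("alice", "alice", "Admin")),
    adminDelete: attempt(() => remove("root", 1)),
    afterRevoke: (rbac.revoke("root", "alice", "Editor"), rbac.can("alice", "article", "update")),
  };
}
```

Calling demo() returns the outcome of each check, which maps directly onto the screen captures the submission asks for: an action allowed to one role, the same action refused to the other, and a role change that only the administrator can make.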