Mandatory Access Control

Setup

  static MyDbContext() {

    //MAP PROPERTIES AS 'CLASSIFICATIONS'
    EntityAccessControl.RegisterPropertyAsAccessControlClassification(
      (ArchiveEntity e) => e.TenantName, "Tenant"
    );

    EntityAccessControl.RegisterPropertyAsAccessControlClassification(
      (DocumentEntity e) => e.ConfidentialityLevel, "ConfLevel"
    );

    //USE AMBIENT SCOPES (comming via CurrentSecurityToken) AS 'CLEARANCES'
    EntityAccessControl.ClearanceGetter = (
      (scopeDimension) => {
        if (scopeDimension == "Tenant") return GetPermittedTenantsFromCurrentSecurityToken();
        if (scopeDimension == "ConfLevel") return new string() {4,3,2};
        return new string[] { };
      }
    );

  }

Usage with EF

using (var db = new MyDbContext()) {

  DocumentEntity[] documentsAllowedToLoad = db.Documents
      .AccessScopeFiltered() //<< THIS COMES FROM US
      .Where((doc)=>doc.Name.Contains("Bar")
      .ToArray();

};

It is also evaluating the clearances for the Tenant-Field, located at the ArchiveEntity (which is the principal of the DocumentEntity), which were accessing!

Name		Name	Last commit message	Last commit date
Latest commit History 8 Commits
Lib.code		Lib.code
Lib.net461		Lib.net461
Lib.net5.0		Lib.net5.0
Lib.net6.0		Lib.net6.0
Tests.code		Tests.code
Tests.net461		Tests.net461
Tests.net5.0		Tests.net5.0
.gitignore		.gitignore
EFCore.DataAccessFilter.sln		EFCore.DataAccessFilter.sln
KornSW.EntityFrameworkCore.DataAccessFilter.nuspec		KornSW.EntityFrameworkCore.DataAccessFilter.nuspec
Pack-KornSW.EntityFrameworkCore.DataAccessFilter.bat		Pack-KornSW.EntityFrameworkCore.DataAccessFilter.bat
PackageIcon.png		PackageIcon.png
nuget.config		nuget.config
nuget.exe		nuget.exe
readme.md		readme.md

KornSW/EntityFrameworkCore.DataAccessFilter

Folders and files

Latest commit

History

Repository files navigation

Mandatory Access Control

Setup

Usage with EF

About

Topics

Resources

Stars

Watchers

Forks

Languages