Welcome to EntityFrameowrk.Guardian¶
EntityFramework.Guardian is a extension point for Entity Framework DbContext in order to implement Database Security by hooking database operations.
It enables the following features in your applications:
Build-in Interfaces¶
Build-in entity interfaces for implementing database security
Database Operations Hooking system¶
Centralized mechanism for hooking database operations
General Security¶
Restrict/grant access by entity type and access type*
Row-Level Security¶
Restrict/grant access by row identificator and access type*
Column-Level Security¶
Restrict/grant access by column names and access type*
Customization¶
Many aspect of EntityFrameowrk.Guardian can be customized to fit your needs.
access types : get, add, update, delete
Big Picture¶
What is problem?¶
In some kind of applications we need to restrict access to specific tables and/or rows and/or columns based on some context (e.g. User Permissions, Application Permissions and so on).
And there is no build-in way or some kind of library to implement such kind of things in application layer.
How we solve this?¶
We introduce EntityFramework.Guardian. This solution allows you to implement database security in easy and right way.
Guardian introduces access types:
Also Guardian introduces set of interfaces for implementing entitites that are presenting permissions that are linked to entity type, row and columns.
Here is simple entity interface that presents permission that is linked to entity type.
Guardian set two guards for Modifing and Retrieving operations:
- Retrieve ( get ) guard is set in ObjectContext.ObjectMaterialized event.
- Modify ( add, update, delete ) guard is set in ObjectContext.SavingChanges event.
General part of guardian is GuardianKernel. This object holds following components:
- Guards - ModifyGuard and RetrieveGuard, these guards invoke defined policies
- Policies - Policies define set of rules to be applyed to entities and permissions
- PermissionsService - Service for retrieving general and row level permissions.
- EntityKeyProvider - Service for returning string representation of passed entity identificator
All these components are configurable.
Installation¶
Guardian is separated in two packages:
- EntityFramework.Guardian - include everything needed for guardian (including dependecy to EntityFramework.Guardian.Entities)
- EntityFramework.Guardian.Entities - include all permission entity interfaces
Install NuGet Guardian package from Package Manager Console:
PM> Install-Package EntityFramework.Guardian
If you want only interfaces of permission entities ( in case your entities are in separate project ) you can install NuGet Entities package from Package Manager Console:
PM> Install-Package EntityFramework.Guardian.Entities
It includes only interfaces to permission entities.