Wpf User Security Strategy

Question

BACKGROUND:

I am creating a WPF application (.NET 4.5 with MVVM-Light)

I have created user roles in the database that backs the WPF application where the users of the WPF App have an assigned role (i.e. user, manager, owner, admin)

WHAT I WANT:

My client wants to be able to restrict what the users see and what the users can do based on their role. There are some views that will be seen by all users, therfore some visual elements (grids, buttons etc..) should be hidden or disabled depending on the users role.

WHAT I HAVE:

I have created an IUserService that gets injected into every viewmodel. The roles that I have created have a field that marks their security level(simply an integer 1 through 5). I want to be able to restrict the visiblity of visual elements based on this number.

For example, My plan is to bind the visibility of the element to a boolean property (using a boolToVisibility Converter) in the viewmodel (Level1, Level2, etc) and that property would return true if the users level matches or is greater than the property level.

MY CONCERNS:

My concern is that this is a lot of work to implement in every viewmodel and on every visual element that is needed. Also, I already have some visual elements that are affected by other business logic.

QUESTION:

What is an efficient way to restrict users ability to "view" visual elements based on a user role strategy?

I am prepared to start this work, But I would love to hear some other ideas from the community on how user role based security is implemented in a WPF application.

I am working with `Prism` and implemented a similar behavior via [region navigation](http://stackoverflow.com/questions/18984879/asp-net-like-form-based-authentication-in-wpf-mvvm-prism/18985193#18985193). I had several views for each role and in the `ConfirmNavigationRequest` decided who gets access to which view. maybe there is a similar interface in MVVM-Light ... — Omri Btian, Oct 06 '13 at 07:26
I would bind the visibility of controls you want to manage to a property which represents current user role, using a converter which returns required visibility state depending on current role. Also you can pass allowed role using converter parameter. — Taras, Oct 06 '13 at 07:42
As a warning, if you use a tool like Snoop you can change the visibility of controls at runtime so its important to ensure security is enforced at lower levels as well. — gouldos, Jan 13 '17 at 13:11

Omri Btian · Accepted Answer · 2013-10-06T09:48:17.517

You can create an attached property to determine each control's access level

public class VisibilitySecurityLevel 
{
    public static readonly DependencyProperty SecurityLevelProperty = 
        DependencyProperty.RegisterAttached("SecurityLevel", typeof(int), typeof(FrameworkElement), new PropertyMetadata(5));

    public static void SetSecurityLevel(UIElement element, int value)
    {
        element.SetValue(SecurityLevelProperty, value);
    }
    public static int GetSecurityLevel(UIElement element)
    {
        return (int)element.GetValue(SecurityLevelProperty);
    }
}

Apply it to the control's you want to be managed by user role

    <Button local:VisibilitySecurityLevel.SecurityLevel="3"/>
    <CheckBox local:VisibilitySecurityLevel.SecurityLevel="2"/>

use a base implicit style that will bind the visibilty of the controls based on thier security level using a converter

       <local:AccessLevelToVisibilityConverter x:Key="AccessLevelToVisibilityConverter"/>
       <Style TargetType="{x:Type FrameworkElement}">
            <Setter Property="Visibility">
                <Setter.Value>
                    <MultiBinding Converter="{StaticResource AccessLevelToVisibilityConverter}">
                        <Binding Path="UserRole"/>
                        <Binding RelativeSource="{RelativeSource Mode=Self}"/>
                    </MultiBinding>
                </Setter.Value>
            </Setter>
        </Style>

The converter:

public class AccessLevelToVisibilityConverter : IMultiValueConverter
{
    public object Convert(object[] values, Type targetType, object parameter, CultureInfo culture)
    {
        int userRole = (int)values[0];
        int controlAccessLevel = (int)(values[1] as FrameworkElement).GetValue(VisibilitySecurityLevel.SecurityLevelProperty);

        return (userRole <= controlAccessLevel) ? Visibility.Visible : Visibility.Hidden;
    }

    public object[] ConvertBack(object value, Type[] targetTypes, object parameter, CultureInfo culture)
    {
        throw new NotSupportedException();
    }
}

Note that in my implementation the lowest user role 5 is the most restricted one (can only see controls with access level of 5) and user role 1 is the most privileged (can see controls with access levels 1 -5). This is why the default access level is 5 (new PropertyMetadata(5)) and The converter is binded to an integer UserRole property in the viewModel indicating the user's access priviliages (1 - 5)

Hope this helps

a bit of time after, but I ended up using this approach. Thanks Omribitan — J King, May 22 '14 at 21:49

score 2 · Answer 2 · answered Oct 06 '13 at 07:59

According to my comment, here is converter:

class SecurityLevelToVisibilityConverter : IValueConverter
{
    public object Convert(object value, Type targetType, object parameter, System.Globalization.CultureInfo culture)
    {
        return !(int.Parse((string)value) < int.Parse((string)parameter)) ? Visibility.Visible : Visibility.Collapsed;
    }

    public object ConvertBack(object value, Type targetType, object parameter, System.Globalization.CultureInfo culture)
    {
        return null;
    }
}

And here is an example of how you can use it in XAML:

<Button Style="{StaticResource MyButtonStyle}" 
        DataContext="{DynamicResource System.CurLevel}" 
        Visibility="{Binding Path=Value, Converter={StaticResource SecurityLevelToVisibilityConverter}, ConverterParameter=3}"/>

"ConverterParameter=3" means that users with security level of "3" can see the button.

This will mean you'll have to specifiy `Visibility="{Binding Path=Value, Converter={StaticResource SecurityLevelToVisibilityConverter}, ConverterParameter=X}"` for each control in your xaml which can drastically complicated it ... — Omri Btian, Oct 06 '13 at 09:56

Wpf User Security Strategy

2 Answers2

Linked