Simple Permissions Based Authorization

Loremipsum.Permissions is a .NET library you can use to perform permissions based authorization. It allows you to administer the permissions as well as assert a member's authorization for a particular action, inheriting group permissions, and defaulting to deny anything not explicitly given.

Getting Started

Start by creating a simple C# console application and installing the NuGet package:

Install-Package Loremipsum.Permissions

You will also need to install a permissions storage library. For this example, just use the RavenPermissionsStore NuGet package:

Install-Package Loremipsum.Permissions.RavenPermissionsStore

And the RavenDB Embedded database library for the sample.

Install-Package RavenDB.Embedded

If you would like more information on RavenDB, be sure to check out their website.

Finally, replace the Main function in Program.cs with the following:

static void Main(string[] args)
{
    Console.WriteLine("Initializing in memory document store, just a moment please...");
    IDocumentStore ravenStore = new EmbeddableDocumentStore() { RunInMemory = true };
    IPermissionsStorage permissionsStore = new RavenPermissionsStorage(ravenStore);

    // The default 'agent' provides permissions administration and assertion.
    // See the IPermissionsAdminister and IPermissionsAssertion interfaces.
    DefaultPermissionsAgent agent = new DefaultPermissionsAgent(permissionsStore);

    IPermissionsAdminister administer = agent as IPermissionsAdminister;
    administer.GrantRight("johndoe", "openfile");
    administer.DenyRight("johndoe", "startmeeting");

    administer.GrantRight("management", "startmeeting"); // Group permission
    administer.GrantRight("developer", "writecode"); // Group permission

    IPermissionsAssertion asserter = agent as IPermissionsAssertion;

    // Simple user right.
    bool allowed = asserter.IsAllowed("johndoe", "openfile", "management");
    Console.WriteLine("Is johndoe allowed to open a file? (expect true) " + allowed);

    // User rights inherited from group.
    allowed = asserter.IsAllowed("janesmith", "writecode", "developer");
    Console.WriteLine("Is janesmith allowed to write code? (expect true) " + allowed);

    // User explicit right overriding group right.
    allowed = asserter.IsAllowed("johndoe", "startmeeting", "management");
    Console.WriteLine("Is johndoe allowed to start a meeting? (expect false) " + allowed);

    // User denied if not explicit right given.
    allowed = asserter.IsAllowed("johndoe", "somerandomaction", "management");
    Console.WriteLine("Is johndoe allowed to do some random action? (expect false) " + allowed);
}


Now run the application. It first creates an in-memory RavenDB store to hold the permissions, then adds permissions for a sample user and some groups, and finally checks whether the user is allowed certain actions. An explicit right on the user takes precedence over a right inherited from a group, and any action with no explicit grant is denied. This is a very simple example application. You would more likely use this in an ASP.NET MVC web application, in which case you use a custom authorization attribute; this is in the works at the moment.
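
The resolution order the sample exercises (explicit user rule, then group rules, then deny), sketched as a stand-alone model. This is an added example, not code from Loremipsum.Permissions: PermissionModel and its members are hypothetical names, the contractor group is constructed, and the rule that a deny in one group beats a grant in another is an assumption, since this page does not say how the library resolves group conflicts.

```csharp
using System;
using System.Collections.Generic;

// Added illustration; PermissionModel is a hypothetical name, not a library type.
class PermissionModel
{
    // (principal, activity) -> true = granted, false = denied.
    // A principal is a user name or a group name.
    private readonly Dictionary<Tuple<string, string>, bool> rules =
        new Dictionary<Tuple<string, string>, bool>();

    public void Grant(string principal, string activity) { rules[Tuple.Create(principal, activity)] = true; }
    public void Deny(string principal, string activity) { rules[Tuple.Create(principal, activity)] = false; }

    public bool IsAllowed(string user, string activity, params string[] groups)
    {
        bool decision;
        // 1. An explicit rule on the user overrides anything inherited.
        if (rules.TryGetValue(Tuple.Create(user, activity), out decision))
            return decision;

        // 2. Inherit from groups. Assumption: one group's deny beats another's grant.
        bool granted = false;
        foreach (string group in groups)
        {
            if (!rules.TryGetValue(Tuple.Create(group, activity), out decision)) continue;
            if (!decision) return false;
            granted = true;
        }
        // 3. No matching rule anywhere leaves granted == false: default deny.
        return granted;
    }
}

static class Demo
{
    static void Main()
    {
        var model = new PermissionModel();
        model.Grant("johndoe", "openfile");
        model.Deny("johndoe", "startmeeting");
        model.Grant("management", "startmeeting");
        model.Deny("contractor", "startmeeting"); // constructed group for the conflict case
        Console.WriteLine("explicit user grant: " + model.IsAllowed("johndoe", "openfile", "management"));
        Console.WriteLine("user deny over group grant: " + model.IsAllowed("johndoe", "startmeeting", "management"));
        Console.WriteLine("group conflict: " + model.IsAllowed("janesmith", "startmeeting", "management", "contractor"));
        Console.WriteLine("no rule at all: " + model.IsAllowed("janesmith", "deleteeverything", "management"));
    }
}
```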

Integration with ASP.NET MVC

In your ASP.NET MVC web application install the Loremipsum Permissions ASP.NET MVC package, along with the Loremipsum.Permissions package and your permissions storage package.

Install-Package Loremipsum.Permissions.AspNetMvc

Add the ApplyRequiresPermissionAttribute to your global filters. The sample below is using RavenDB for the data store.

// Setup and add the permissions authorization filter
var documentStore = new DocumentStore { Url = "URL to your document store" };
var permissionsStore = new RavenPermissionsStorage(documentStore);
var agent = new DefaultPermissionsAgent(permissionsStore);

// Sample permissions
(agent as IPermissionsAdminister).GrantRight("johndoe", "ViewAbout");
// End sample permissions

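var permissions = new ApplyRequiresPermissionAttribute(agent, Roles.GetRolesForUser);

// Register the filter globally so it runs for every controller action
GlobalFilters.Filters.Add(permissions);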


Then all you have to do is apply the RequiresPermissionAttribute to your methods and/or controllers, specifying the activity to check for:

[RequiresPermission("Take Over The World")]
public void SomeAction().......


Loremipsum.Permissions is open source and licensed under the Apache 2.0 License. The source code is on Bitbucket. You can report any bugs or feature requests on the issues board; pull requests are always welcome and encouraged.