Design And Implementation Of Reusable Access Control Component Based On RBAC

With the rapid development of information and network technology, the functionalcomplexity of information system is in the continuous increase, and its coverage of the usergroup is also constantly expanding. The current information system is often required to facevarious users from the internet, and provide different functions to different users, which hasput forward higher requests for the access security of information system. As the central partof the system access security, access control takes the key responsibilities of the usermanagement, authentication and authorization, playing a decisive role in the informationsystem. In the design and development processes of information system, the core needs of theaccess control are often much about the same. Therefore, if the access control functions canbe implemented as separate reusable component, there will be great significance for reducingdevelopment cost and improving system security. Specific to the ASP.NET platform, thispaper designs and implements a reusable access control component based on RBAC, appliesit to the actual project, and achieves the desired results.The main work of this paper is as follows:(1) Introduces the background and researchsignificance of the topic, research status at home and abroad, as well as the technical route ofthis paper.(2) Make research overviews about the related technologies and basic theory of theaccess control: mainly study the RBAC access control model and its advantages, discuss themethods of request interceptor implemented in the two different frameworks (Web Form andMVC) on ASP.NET platform, research the abstract factory pattern and put forward theimplementation methods of alternative data provider.(3) Completes the requirement analysis of access control component. Using UML tools and systems analysis methods, takes thedetailed requirements of the access control component through requirement statements anduse cases analysis.(4) Based on the requirement analysis, this paper further designs the accesscontrol component, formulates the hierarchical and modularized system architecture,establishes analysis class diagram for each use case, and completes the class design anddatabase design.(5) According to the results of the analysis and design, this paper achievesthe reusable access control component based on RBAC. This paper specially expounds thekey technology of realization, such as: the realization of configuration and loading of themodule, the implementation of alternative data provider and the achievement of requestinterceptor based on the different frameworks, etc.(6) Combined with specific projects, thispaper applies the access control component to the purchase-sell-stock management system forcertain building materials and obtains the ideal effect, improving the development efficiencyof the project and reducing the development cost.