Project Description
Themis is a lightweight, extensible authorization system, providing a explicit and strong type way of defining and demanding permissions.

The main idea behind Themis is to allow a few dimensions of configuration, with no impact on your domain model (no interface to implement in your domain model). The configuration is code only (there is none xml file needed) and created with strong typed lambda expressions, hence any refactoring touching your model should work also with authorizations.

Themis contains a version easily integrating with NHibernate 3.0 allowing you to filtering queries results on the basis of authorizations. For more information visit my blog: or follow me at


Writing a role definition (for reading about how to create your own BaseRoleDefinition view documentation):

/// <summary>
/// The definition of authorization for <see cref="ManagerRole"/>
/// </summary>
public class ManagerRoleDefinition : BaseRoleDefinition<ManagerRole>
    public ManagerRoleDefinition()
        // all motions for unit managed by one with the specific manager role
        View<RecruitmentMotion>((managerRole, recruitmentMotion) => recruitmentMotion.ForUnit.Id == managerRole.ManagedUnit.Id); 

Creating the service instance for authorizations

// creating the service once, during the application startup
var service = Fluently.Configure()
                .AddRoleDefinition(new ManagerRoleDefinition())
                .AddRoleDefinition(new SupportingManagerRoleDefinition())
Using service, after providing a small, domain specific extension method

// somewhere in code
bool canView = _service.CanView(recruitmentMotion, roles);

Need more? Visit doc page

Last edited Feb 8, 2011 at 6:17 AM by scooletz, version 11