Creating an authentication trough competences

Creating an authentication trough competences

Old forum URL: forums.lhotka.net/forums/t/11503.aspx


Tobique posted on Tuesday, July 24, 2012

Hy I'm a new csla user and i have a question.

 

My application has a user db witch authenticates trough competences instead of roles.

Now my question is can i modify the Framework so it does it for me just like the isInRole Authentication?

 

ex. HasCompetence(order)

 

thx

JonnyBee replied on Tuesday, July 24, 2012

Hi,

read this blogpost from rocky: http://www.lhotka.net/weblog/PermissionbasedAuthorizationVsRolebasedAuthorization.aspx 

Tobique replied on Tuesday, July 24, 2012

Thx I'll try this then, any Tips for helping me load the permissions instead of the roles? or do I just edit use the CSLAPrincipal and CSLAIdendity as base classes and edit witch information is loaded.

vschaak replied on Wednesday, July 25, 2012

Hi Tobique,

first of all, you may probably want to inherit form cslaIdentityBase, since you'll be able to add properties and functionality. For example properties like 'realName' or 'PWDExpired' or a functionality to change password, just to name some.

In the process of fetching uservalidation-data from your DB, you're free then to retrieve your list of permissions, eventually as a list of strings as a simple approach and add them to the CSLA-Roles, which is something like a mobileList(of string), if I remember correctly.

That's all. You only have to take care not to puzzle things, as many authorization-systems use Roles ('Salesmanager' or 'admin' as an example) to group permissions ('EditThis' or 'deleteThat' for example) and/or users. In such environment one has to be clear, that those Roles are only to simplify permission and/or user-managment and have no direct relevance for your authorization object, which only has to know about permissions, not roles! Therefore your DB-query to fetch your Identity-class should retrieve permissions to add them to the CSLA-roles, no roles, if present in your authorization-system.

Hope this helps!?

Best wishes

Volker

Copyright (c) Marimer LLC