Is it possible to temporarily override or elevate Authentication

McKay posted on Monday, September 28, 2009

Hello. I’d like to use custom Authentication for my objects and a WPF UI, as described in chapter 12 in Expert C# 2008.
Is it possible to override or elevate a users privileges to grant them temporary access to an object(s). For example. Say a user wants to edit an object but does not have permissions. They call over the supervisor who does have permissions. How could that supervisor grant the user access to make the change and then have their privileges return to normal?
Is this possible using csla authentication?

alexsychev replied on Tuesday, September 29, 2009

Well, it is definitely possible, because we do exactly the same in our project.

We details of implementation depend on the level of security you need to have and whether you want to implement server side authorization checks.

McKay replied on Tuesday, September 29, 2009

Hi. I'm only looking at the client side. Specifically on the UI. So if a business object Allow Get or Allow Edit is false then I would like to prompt for another account. This will allow for an admin type person with permissions to allow the get or edit on the object. Once the form is closed I'd like the identity to return back to the first user.
Do you store the first identity and then substitute it with the second and then swop it back?