Csla Security Credentials

Csla Security Credentials

Old forum URL: forums.lhotka.net/forums/t/7939.aspx


decius posted on Tuesday, November 03, 2009

I'm upgrading some of the security stuff at my workplace and was hoping for some feedback on a few things. For the Identity's criteria, in the past I have always just extended the EditableRoot class to get some validation features.  However, I'm aware of the CriteriaBase like what's used in the Rolodex (example below).

Should I avoid using EditableRoot's as my criteria? Is it too much bloat? 

[Serializable()]

public class HeroLoginCrit : CriteriaBase

{

public enum CheckTypes { Login, IsSignedIn }

public HeroLoginCrit() { }

private string _userId;

private string _visn;

private string _password;

private string _catchment;

private string _vasId;

public string UserId { get { return _userId; } }

public string Password { get { return _password; } }

public string Visn { get { return _visn; } }

public string VasId { get { return _vasId; } }

public string Catchment { get { return _catchment; } }

public HeroLoginCrit(

string userId,

string visn,

string password,

string catchment,

string vasId

)

: base(typeof(HeroLoginCrit))

{

_userId = userId;

_password = password;

_catchment = catchment;

_vasId = vasId;

_visn = visn;

}

 

protected override void OnGetState(Csla.Serialization.Mobile.SerializationInfo info, StateMode mode)

{

info.AddValue("_userId", _userId);

info.AddValue("_password", _password);

info.AddValue("_visn", _visn);

info.AddValue("_vasId", _vasId);

info.AddValue("_catchment", _catchment);

base.OnGetState(info, mode);

}

protected override void OnSetState(Csla.Serialization.Mobile.SerializationInfo info, StateMode mode)

{

_userId = (string)info.Values["_userId"].Value;

_password = (string)info.Values["_password"].Value;

_password = (string)info.Values["_vasId"].Value;

_password = (string)info.Values["_visn"].Value;

_password = (string)info.Values["_catchment"].Value;

base.OnSetState(info, mode);

}

}

Regent replied on Tuesday, November 03, 2009

Whatever you use as a fetch criteria should be serialized and passed to the DataPortal so I think it's better use as simple object as possible to preserve data being transferred over the network.

As for me I prefer using SingleCriteria for fetching single-key based entities or to use private nested criteria class (derived from Object) of the class to be fetch if I need to use complex key.

Particularly for HeroLoginCrit class presented - I don't understand the reason for overloading OnGetState/OnSetState...

decius replied on Tuesday, November 03, 2009

 I don't understand the reason for overloading OnGetState/OnSetState...

It's for serializing private members of the class with the mobile formatter.  When derived from ManagedObject which is what CriteriaBase extends, you don't get the benefits of serialization that some of the other classes have, thus manually performing this copy yourself.  Again, you can see that in the Rolodex example. A lot of that has to do with the limitations of the mobileformatter when in Silverlight.

Thanks for your input, perhaps I'll look into just how much bloat the editableroot class adds to the wire before I make a decision.  Csla rules help us out a lot with keeping our business logic standardized for criteria around here, so it's hard for me to just let it go.

RockfordLhotka replied on Tuesday, November 03, 2009

CriteriaBase supports managed backing fields, so you shouldn't have to deal with private backing fields and manual serialization unless you choose to do so.

The only thing CriteriaBase doesn't have that you get in ReadOnlyBase (for example) is the overload of RegisterProperty() that auto-detects the containing type, so the first parameter must be the type of your particular class.

ajj3085 replied on Wednesday, November 04, 2009

When would you want to use Managed backing fields for a criteria?  I assume private backing fields still work, as I have quite a bit of them on the latest 3.7 or .8 release.

RockfordLhotka replied on Wednesday, November 04, 2009

If you are building a Silverlight app that talks to an app server you’ll want managed backing fields so you get automatic serialization.

 

Copyright (c) Marimer LLC