Web App: CSLA and non-CSLA parts

Web App: CSLA and non-CSLA parts

Old forum URL: forums.lhotka.net/forums/t/9464.aspx


cjherasmus posted on Thursday, September 02, 2010

I have a company internet web app and would like to convert it to use CSLA. There are company users that can maintain data and internet (non-company) users that can only search and download.

The default page of the web app is a document search and download page that needs to be exposed to the both company users and internet users. I assume using CSLA for this page won't work because of the full trust issue.

To get from the default page to the rest, users would require to log in.

Would it be possible to have the default page running without CSLA, and login with the rest of the webapp running with CSLA? For the default page I could just use "normal" ADO methods. The environment doesn't allow Silverlight.

RockfordLhotka replied on Thursday, September 02, 2010

The "full trust" issue has nothing to do with user security. It is the .NET mode for the web app itself. All pages in the web app are either in full or partial trust, because that setting applies to the entire app.

cjherasmus replied on Thursday, September 02, 2010

I'm fully aware that "full trust" has nothing to do with user security. The "full trust" I'm refering to is related to the use of the CSLA.dll from outside the company domain and firewalls. They won't give me full trust on the webserver for the CSLA.dll. The idea was to split the web app in a "CSLA part using the csla.dll" which caters for functionality inside the company domain, and a "non-CSLA part not using the csla.dll" which caters for functionality outside the company domain.

RockfordLhotka replied on Thursday, September 02, 2010

So you are going to build two separate apps that run on different web servers?

cjherasmus replied on Thursday, September 02, 2010

App 1 on the intranet server for data capturing and uploading of files, and App 2 on the internet server for search and downloading of files. The App2 users will never capture data or upload files, they are outside the company. In the company there are other users that also want to search and download but they will never capture data or upload files.

Well, from what I understand from the requirements this would be the case. This is why I'm not sure where CSLA is going to fit in, and how would I overcome csla.dll 's full trust issue, with the users outside the company who will be accessing App 2 on the internet server.

 

RockfordLhotka replied on Thursday, September 02, 2010

I don't know either.

What's interesting is that most of CSLA no longer requires full trust. All the work we did to support Silverlight, and then to organize the assemblies for .NET 4 (in CSLA 4) means that the things that require full trust (BinaryFormatter, NetDataContractSerializer, reflection) are now essentially optional. However, the .NET build of CSLA still uses those things - because there are limitations imposed on you if you switch to the Silverlight model.

Pure CSLA object models, using managed backing fields and all the other current syntax, would probably work as-is, but older code surely wouldn't.

Of course this is all speculation. I haven't even enabled the use of MobileFormatter within pure .NET code, and even if I did that I'm not entirely sure what other partial trust issues would crop up.

Certainly you couldn't be 3-tier, because that's require the use of WCF, and that requires full trust (NetDataContractSerializer again). But it might be possible to do a 2-tier deployment (web server talking directly to SQL Server) and be partial trust - I don't know.

It might, just maybe be as easy as changing Csla.Serialization.SerializationFormatterFactory to support MobileFormatter as a config option. That'd be an interesting experiment that you could try if you'd like. I have no idea what that might do - but I suspect that all modern syntax objects using managed backing fields will just work.

Copyright (c) Marimer LLC