I'm new to CSLA 4 and am trying to understand how security and authorization work (Windows Authentication for the first step).
I've bought the CSLA 4 eBook series but the Security book is not available yet. What could you suggest as beginner's documentation for security and Authorization / Authentication for the moment?
The authorization functionality in CSLA is entirely unaffected by your choice of authentication. Authentication is security, authorization is business logic.
My blog has some information about the CSLA 4 authorization rules system, and right now that's the only real documentation around creating authorization rules (and perhaps some other forum posts).
When it comes to authentication, the behavior is the same from 3.8 to 4. The Core 3.8 video series includes a video covering this topic.
Basically for Windows authentication:
Obviously this all only works if the user is logging into a domain account on their client workstation. That implies that the workstation is part of the domain, or that they are hitting a web page that is domain-secured. I don't (and won't) talk in depth about how to get client workstations and/or web pages to do Windows authentication - those are IT Pro topics that are (in all honesty) outside of my expertise. Because there are many variations on how to configure domain security, client policy, and all that stuff, I focus on how to make CSLA work within the context of a domain that has been set up by a competent IT group.
Copyright (c) Marimer LLC