security to the class based on roles

yh_ink posted on Thursday, October 19, 2006

I want to set up security to my classes so that only authorized user can use the class else an exception to be throw.so when i first call the class in my constructor i want to check if the user is authenticated.How should i implement this.

ajj3085 replied on Thursday, October 19, 2006

Check out the Project class from the ProjectTracker demo. 

You define some static members to get a boolean to determine if an opeation (such as fetch) is allowed.  Then in your fetch factory methods, you throw a security exception if the user doesn't have permission.

HTH
Andy

yh_ink replied on Thursday, October 19, 2006

I had a look the project class.Would you please show me a simple example here of the static method you are talking about?

 

ajj3085 replied on Thursday, October 19, 2006

In the project class, check out the method at line 201 and the method at 235 (assuming csla 2.1)

Andy

yh_ink replied on Thursday, October 19, 2006

i am using Expert c# business objects not the Expert c# 2005 business objects book.Would any one help me with this

ajj3085 replied on Friday, October 20, 2006

Its the same in both versions of the book.  Look on page 479 of your book (I have both editions), all three code samples show checking the user's role, and if the user doesn't belong to one of the specified roles, a security exception is thrown.

The only difference is that in the new edition of the book, Rocky wraps up the big if statement checking roles into a seperate method, called CanEdit or something like that.  The concept is the same, and the CanEdit static method is a good idea because you can expose that to the UI, which can hide controls or menus based on its return value.

HTH
Andy