Business Object Authorization

Old forum URL: forums.lhotka.net/forums/t/3365.aspx


dmccrory posted on Monday, August 13, 2007

I am looking to move the Business Object authorization logic to its own separate area so I can authorize objects against values stored in a database. I have read most of the threads concerning this type of work and have gotten some valuable ideas and suggestions, but the overall process is still not clear so I thought I would ask here to see what the opinion of experienced people would be.

I see the process going something like this....

  1. The user logs in
  2. The system retrieves any valid roles for the user.
  3. The "Security Manager" loads the appropriate permissions for the roles from the database.
  4. The permissions for any objects requested are managed through the "Security Manager"

Does this sound like the right path to take, or is there an easier or more logical way to accomplish this?

 

Thanks in advance for any recommendations

Marjon1 replied on Monday, August 13, 2007

We are building a complete business application using this exact method, and it is working excellently for us. The most difficult thing for us was to determine how that authorization information was to be created.

We've done this via attributes and then have a BO responsible for putting the actual allow/disallow values into the database. In our scenario, a user can be part of multiple roles but if any role allows authorization then it is allowed, otherwise default false. CSLA, however, thinks that there is only a single role, and the authorization is attached to this role. This is loaded as part of a custom principal object.

The steps that you've outlined though will work.
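
The any-role-allows, default-deny evaluation described in this reply, as an added C# example that is not part of the original posts and is not CSLA code. `SecurityManager`, `PermissionRow`, `ObjectAction` and the sample rows are hypothetical names and constructed data assumed for illustration.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;

// Hypothetical types for illustration (C# 9+); none of these are CSLA classes.
public enum ObjectAction { Read, Create, Edit, Delete }

// One row as it might be returned from the permissions table.
public sealed record PermissionRow(string Role, string ObjectType, ObjectAction Action, bool Allowed);

public sealed class SecurityManager
{
    // Only explicit grants are stored, so anything not listed is denied.
    private readonly HashSet<(string, string, ObjectAction)> _grants;

    public SecurityManager(IEnumerable<PermissionRow> rows)
    {
        _grants = new HashSet<(string, string, ObjectAction)>(
            rows.Where(r => r.Allowed)
                .Select(r => (r.Role.ToUpperInvariant(), r.ObjectType, r.Action)));
    }

    // Allowed if ANY of the user's roles holds a grant; a disallow row for one
    // role does not cancel another role's grant. No roles or no match: deny.
    public bool IsAllowed(IEnumerable<string> userRoles, string objectType, ObjectAction action)
    {
        return userRoles?.Any(role =>
            _grants.Contains((role.ToUpperInvariant(), objectType, action))) ?? false;
    }
}

public static class Program
{
    public static void Main()
    {
        // Constructed sample rows standing in for the database query result.
        var manager = new SecurityManager(new[]
        {
            new PermissionRow("Clerk", "Invoice", ObjectAction.Read, true),
            new PermissionRow("Clerk", "Invoice", ObjectAction.Edit, false),
            new PermissionRow("Manager", "Invoice", ObjectAction.Edit, true),
        });
        var clerk = new[] { "Clerk" };
        var both = new[] { "Clerk", "Manager" };
        Console.WriteLine(manager.IsAllowed(clerk, "Invoice", ObjectAction.Edit));
        Console.WriteLine(manager.IsAllowed(both, "Invoice", ObjectAction.Edit));
        Console.WriteLine(manager.IsAllowed(both, "Invoice", ObjectAction.Delete));
        Console.WriteLine(manager.IsAllowed(null, "Invoice", ObjectAction.Read));
    }
}
```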

david.wendelken replied on Monday, August 13, 2007

There is one part in this process that isn't clear to me.  I just don't know the syntax necessary.

Let's assume I have the name of the rule type in a string variable, like so:

String ruleName = "Csla.Validation.CommonRules.StringMaxLength";

And that the rule arguments have been set up correctly in the args variable.

How would I write this line so it would work?

ValidationRules.AddRule(ruleName, args);

Copyright (c) Marimer LLC