I mean is there any default values for any properties in
business class i have to put .
You are free to not implement any authorization rules and CSLA will work just fine. What will happen is that CanReadProperty() and CanWriteProperty() will always return true.
However, you will still have to derive some sort of Principal class from BusinessPrincipalBase and set it to be the current "user" of your application.
That exception is gone in 3.6 btw.
In 3.6 the rules are (by default) simpler:
1. With CslaAuthentication=Csla the principal is serialized through the data portal, so it must be serializable – that’s the only constraint
2. With CslaAuthentication=Windows the principal is unaffected by the data portal and CSLA uses whatever principal exists on the client and server – it is up to you and IIS and WCF and ASP.NET and whatever other technologies to get the principal values to be correct
And if CslaAuthentication=Csla, you can provide a bit of code that is run at the start of every single server call, where you can authenticate the principal provided by the client. This is where I used to throw the BusinessPrincipal exception, but now it is open for you to do whatever you think is best for your app.
Sent: Monday, February 16, 2009 2:47 PM
Subject: Re: [CSLA .NET] if my project doesn't need authorization what i have to do ?
That's good to know, thanks! I was naively responding with
my limited experience with the "Principal
must be of type BusinessPrincipal, not..." exception in mind.
RockfordLhotka:And if CslaAuthentication=Csla, you can provide a bit of code that is run at the start of every single server call, where you can authenticate the principal provided by the client. This is where I used to throw the BusinessPrincipal exception, but now it is open for you to do whatever you think is best for your app.
I remember writing about it :)
But you are right – I don’t see it in the index either. Fortunately it is relatively easy.
You need to do this:
1. Create a class that implements Csla.Server.IAuthorizeDataPortal, which means you’ll implement an Authorize() method
2. In that Authorize() method throw an exception to block an inbound request, or don’t throw an exception to allow the request to be processed
3. Set the CslaAuthorizationProvider config value to your assembly-qualified type name: “MyAssembly.MyAuthorizer,MyAssembly” on the data portal server (so typically in web.config)
The Authorize() method is handed a parameter that allows you to see (and I suppose manipulate) everything that’s known about the inbound request. This occurs immediately after the inbound objects are deserialized from the client, and before anything else (so you aren’t in a transaction yet, or anything like that).
thanks alot for you replay
I tried to put in Config file
is that enough to tell the BLL that I do't use Authentication
<add key="CslaAuthentication" value="Windows" />
Copyright (c) Marimer LLC