Authorization Rules at Method level

Authorization Rules at Method level

Old forum URL: forums.lhotka.net/forums/t/6678.aspx

Slayer posted on Thursday, March 26, 2009

Hi,

The authorization rules at property level is brilliant, so I can use the CanReadProperty() method in my GUI.

But what if I have a method called ImportCustomer() and only users with administrator roles can access this method. Does any of the new csla frameworks include support for this type of authorization ?

My current solution is : I have a CanImportCustomer() method which returns a boolean accordingly.

Thanks

RockfordLhotka replied on Thursday, March 26, 2009

Yes, there's the CanExecuteMethod() method, that you can call at the top of the method you want to protect. And when you set up your authz rules, you use AllowExecute() and DenyExecute() to specify the roles that can/can't execute that method.

Copyright (c) Marimer LLC