A possible feature request for AuthorizationRules

niki.borissov posted on Thursday, February 04, 2010

My business requirement is that the AuthorizationRules should be upgradeable at run time.

I've read some very good posts on the topic of adding AuthorizationRules at run time using AllowGet(Type objectType, params string[] roles) and etc. public methods of the AuthorizationRules class.

It seems to me that I have to reset the authorization rules for a given type and then add the new ones, so I am thinking about a method that will allow me to do this operation at once.

Something like

class AuthRulesPerType
{
type - allow get - roles
.....
type - properties
allow read roles per property
....
}

and a static method UpdateObjectAuthorizationRules in AuthorizationRules class f.x.

Is there a better way of doing this?

RockfordLhotka replied on Thursday, February 04, 2010

This is a complex issue.

Consider a Silverlight app in 4-tier configuration. You (essentially simultaneously) need to get all your user workstations, all your web servers and all your app servers to discard all their auth rule definitions at the same time, thus causing all the static loaders to re-run.

CSLA could expose a method that would blank all the authz rules - in total or for a type - but there's no global messaging system in .NET or Windows to trigger this to be invoked on all instances of your running app.