Authorization issue.

eldospk posted on Monday, March 08, 2010


We are using CSLA version 3.8 in our WPF application and are currently in the process of doing the security implementation.

When the user is authenticated, we are adding the user's privileges to the CSLAIdentity.Roles.

Then we are reading the authorization rules from the database and adding them dynamically. These include object authorization rules as well as property authorization rules. Our understanding was that, at this point, if the user doesn't have the right privilege, he/she wouldn't be able to do the corresponding action. But nothing happens and the application continues without looking at the user's privileges. Do we need to bind the controls in the XAML based on the authorization for each property?


When we do 

<Button MinWidth="95" Width="auto" Height="25"
        Style="{DynamicResource RoundedButton}"
        Background="#FF7F90FC" BorderBrush="#95FFFFFF"
        csla:InvokeMethod.TriggerEvent="Click"
        csla:InvokeMethod.MethodName="Save"
        csla:InvokeMethod.MethodParameter="{Binding Model}"
        IsEnabled="{Binding CanEditObject}">OK</Button>

the button gets disabled based on the user's privileges. Do we need to do this in the XAML?


Many Thanks.


RockfordLhotka replied on Monday, March 08, 2010

Yes, you need to bind your UI to the authz properties exposed by the CslaDataProvider, ViewModelBase, ObjectStatus and/or PropertyStatus controls.

There's no way for CSLA or me to know all the cool things people might do in their UI based on authz rules, so especially in the Xaml world I'm just exposing the metadata and allowing the UI designer to do whatever interesting things they might want to do based on that information.

Copyright (c) Marimer LLC