issue with static authorizations after data portal serialization

Old forum URL: forums.lhotka.net/forums/t/8644.aspx


Chaz4Code posted on Wednesday, March 10, 2010

I'm having an issue where authorizations are applied in the standard CSLA way and are fine until I serialize it through the data portal. After serialization the rights are lost as if they were never loaded. My scenario is that the parent object loads rights for certain roles to the child collection item objects. Imagine a parent object with a child collection of categories. If you have full rights to the parent object we grant you rights to the child collection. We then check for this right before loading the child collection. After the object is serialized and we check the CanEdit right in the fetch method, it is returning false.

Is this expected? Any ideas would be appreciated.

RockfordLhotka replied on Wednesday, March 10, 2010

Authorization rules are stored per AppDomain. They don't serialize over the wire, because they are created on either end of the wire.

In a client/server setting, you have two AppDomains - the client one and the server one. The first time any code tries to interact with an instance of your business object type in each AppDomain, that AppDomain will be initialized with the authz rules.

To put it another way, your AddAuthorizationRules() and AddObjectAuthorizationRules() methods in your business object class are invoked twice - once on the client and once on the server.

So the behavior you are seeing is unexpected. Try putting a breakpoint in your AddAuthorizationRules() method and run your app with the debugger attached to client and server. You should see the method invoked twice for each business type in your app.

Chaz4Code replied on Thursday, March 11, 2010

Thanks Rocky. What I think is happening in this case is I am loading the child collections with an asynchronous call (if the user has rights) and as a result the child object is the first object to move across the wire after a fresh build. As a result the parent object hasn't yet instantiated the rights to the child object based on the rights it has to itself and CanEdit is returning false for the child object. However, if I run this without the extra physical tier the unit tests run successfully; I'm assuming this is because the parent object was instantiated first and added roles to the child objects in the AppDomain. I either have to remove the async call or have the child object give rights to the parents the way the parents give rights to the children.

Thanks again. I think it's great how quickly you respond!
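
The initialization-order effect discussed in this thread, as an added example that is not part of any post and is not CSLA code: a small Python model in which each AppDomain keeps its own lazily initialized rule store, so a grant made by the parent type does not exist until the parent type is first touched in that domain. All class and function names here (AppDomain, Catalog, Category, SelfDescribingCategory) are hypothetical stand-ins.

```python
# Model only: CSLA is .NET; every name below is a hypothetical stand-in.
class AppDomain:
    """One process-local rule store; nothing in it crosses the wire."""
    def __init__(self, name):
        self.name = name
        self.edit_roles = {}      # type name -> roles allowed to edit
        self.initialized = set()  # types whose rule setup has already run

    def touch(self, biz_type):
        # Rules for a type are registered lazily, on first use in THIS domain.
        if biz_type.__name__ not in self.initialized:
            self.initialized.add(biz_type.__name__)
            biz_type.add_object_authorization_rules(self)

    def allow_edit(self, type_name, *roles):
        self.edit_roles.setdefault(type_name, set()).update(roles)

    def can_edit(self, biz_type, user_roles):
        self.touch(biz_type)
        allowed = self.edit_roles.get(biz_type.__name__, set())
        return bool(allowed & set(user_roles))

class Category:                    # child type: declares no rules of its own
    @staticmethod
    def add_object_authorization_rules(domain):
        pass

class Catalog:                     # parent type: also grants rights on the child
    @staticmethod
    def add_object_authorization_rules(domain):
        domain.allow_edit("Catalog", "Editor")
        domain.allow_edit("Category", "Editor")  # cross-type grant

class SelfDescribingCategory:      # child that registers its own rules
    @staticmethod
    def add_object_authorization_rules(domain):
        domain.allow_edit("SelfDescribingCategory", "Editor")

def child_fetch_first(child_type):
    """Fresh server domain whose first request is the async child fetch."""
    server = AppDomain("server")
    return server.can_edit(child_type, ["Editor"])

def parent_then_child():
    """Single domain (no physical tier): parent is touched before the child."""
    local = AppDomain("local")
    local.can_edit(Catalog, ["Editor"])
    return local.can_edit(Category, ["Editor"])
```

In this model the check fails closed when the child is fetched first, and a type that registers its own rules gives the same answer regardless of which type a domain sees first.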

Copyright (c) Marimer LLC