Security Question

Old forum URL: forums.lhotka.net/forums/t/9192.aspx


brannos posted on Friday, July 09, 2010

In my security protocol, when a user accesses a record, I have to check if they can read/write the fields based on the record. For example, if a user accesses their company account, some users are allowed to change the company name and some are not, based on the company account.

So I have the following check:

CMI.Library.Security.CanReadfield("MasterAccounts", GetProperty(Of Guid)(IdProperty), propertyname)

The problem I am having is with the IDProperty: the system keeps checking the read authorization on the IDProperty, causing a stack overflow.

How do I bypass the IDProperty read authorization?

RockfordLhotka replied on Friday, July 09, 2010

So this line of code is in your property getter? You can see the infinite loop right there - you are calling GetProperty(), which calls the getter, which calls GetProperty(), which calls the getter, ...

What you should do is override CanReadProperty() and alter the authorization behavior for that property.

Or if you are using CSLA 4 you can create a custom authorization rule, which would be an even more elegant (and simpler) approach.
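
The recursion and the CanReadProperty() override discussed above, as an added example that is not code from this thread or from CSLA itself. It is a self-contained VB model: ModelBase, Demo.CanReadField, the string property names and the sample GUID are hypothetical stand-ins for the framework base class and for CMI.Library.Security.CanReadfield. GetProperty authorizes before it reads, so the override exempts the key and fetches it through a non-authorizing ReadProperty, and the per-record check never re-enters itself.

```vb
Imports System
' Constructed stand-in for the poster's security check: only one sample account exposes CompanyName.
Module Demo
    Public ReadOnly OpenAccount As New Guid("11111111-1111-1111-1111-111111111111")
    Public Function CanReadField(table As String, recordId As Guid, field As String) As Boolean
        Return field <> "CompanyName" OrElse recordId = OpenAccount
    End Function
    Sub Main()
        Console.WriteLine(New MasterAccount(OpenAccount, "Acme").CompanyName)
        Console.WriteLine(New MasterAccount(Guid.NewGuid(), "Initech").CanReadProperty("CompanyName"))
    End Sub
End Module
' Hypothetical minimal base class: GetProperty authorizes, ReadProperty does not.
Public MustInherit Class ModelBase
    Private ReadOnly _values As New System.Collections.Generic.Dictionary(Of String, Object)
    Public MustOverride Function CanReadProperty(name As String) As Boolean
    Protected Function GetProperty(Of T)(name As String) As T
        If Not CanReadProperty(name) Then Throw New UnauthorizedAccessException(name)
        Return ReadProperty(Of T)(name)
    End Function
    Protected Function ReadProperty(Of T)(name As String) As T
        Return CType(_values(name), T)
    End Function
    Protected Sub LoadProperty(name As String, value As Object)
        _values(name) = value
    End Sub
End Class
Public Class MasterAccount
    Inherits ModelBase
    Public Sub New(id As Guid, companyName As String)
        LoadProperty("Id", id)
        LoadProperty("CompanyName", companyName)
    End Sub
    Public ReadOnly Property Id As Guid
        Get
            Return GetProperty(Of Guid)("Id")
        End Get
    End Property
    Public ReadOnly Property CompanyName As String
        Get
            Return GetProperty(Of String)("CompanyName")
        End Get
    End Property
    Public Overrides Function CanReadProperty(name As String) As Boolean
        ' The key is exempt and is read without authorization, so this check cannot recurse.
        If name = "Id" Then Return True
        Return Demo.CanReadField("MasterAccounts", ReadProperty(Of Guid)("Id"), name)
    End Function
End Class
```

Only the key is exempted from the field-level check; every other property still goes through the per-record rule, which fails closed by throwing from GetProperty.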

Copyright (c) Marimer LLC