CSLA.NET 3.8.3 Windows Forms Authorization Rules

CSLA.NET 3.8.3 Windows Forms Authorization Rules

Old forum URL: forums.lhotka.net/forums/t/9282.aspx

shanthimai posted on Monday, July 26, 2010


Whether the below authroization rules allow save but not delete is applicable for CSLA.NET 3.8.3 WINDOWS FORMS ?


any suggestions?

Thx ,



RockfordLhotka replied on Tuesday, July 27, 2010

The new rules concept is part of CSLA 4, so it is not available in 3.8.

But if you move your Windows Forms application to .NET 4, then you can use CSLA 4, and yes, the new rules concept will work with Windows Forms.

shanthimai replied on Wednesday, July 28, 2010


I would like to confirm whether we can achieve this in CSLA 3.8 Framework version by the method.".IsInRole()" checks inside the appropriate shared methods (GetObject(), Save(), and Delete()).


Any thoughts?



RockfordLhotka replied on Wednesday, July 28, 2010

CSLA 3.8 has the same authorization model as described in Expert 2008 Business Objects. This includes per-type authorization rules that are registered on the Csla.Security.AuthorizationRules type. Those rules are automatically enforced by the data portal, much in the way the CSLA 4 rules are enforced. Usually you don't need to implement the authorization checks yourself, just associate the appropriate roles with each possible action (create/get/edit/delete).

The big difference between 3.8 and 4, is that 3.8 is only role based, while 4 allows you to create rules that do things other than just check roles.

Copyright (c) Marimer LLC