What is the proper way to restrict execution of a command. I have tried using the AddObjectAuthorizationRules with the IsInRole rule but none of the authorization actions seems to restrict it from executing.
Code that I'm trying to use:
#Region "Authorization Rules"
Private Shared Sub AddObjectAuthorizationRules()
Csla.Rules.BusinessRules.AddRule(GetType(SomeCommand), New Csla.Rules.CommonRules.IsInRole(Rules.AuthorizationActions.CreateObject, "Some AD Group"))
End Sub
#End Region
I'll answer my own question. It wasn't working as I was using String.Empty instead of an actual group. As soon as I used a real group it works.
As follows:
#Region "Authorization Rules"
Private Shared Sub
AddObjectAuthorizationRules()
Csla.Rules.BusinessRules.AddRule(GetType(SomeCommand), New
Csla.Rules.CommonRules.IsInRole(Rules.AuthorizationActions.EditObject,
"Some AD Group"))
End Sub
#End Region
----------
After further testing I discovered that the policy wasn't set to WindowsPrincipal. When it was String.Empty results in IsInRole returning false.
Copyright (c) Marimer LLC