Security in CSLA

2008 March 28
by Frank Mao

CSLA has validation built into its business objects. Cool!

Authorization is also embedded; a guy even created a mixed security mode. It's just the one we are looking for.

The thing I don't like so far: authorization rules should not be defined in the BO, like this:

    public static bool CanEditObject()
    {
        // Role names are hard-coded in the business object.
        return Csla.ApplicationContext.User.IsInRole("ProjectManager")
            || Csla.ApplicationContext.User.IsInRole("Webmasters");
    }

Instead, they should be configurable outside of the BO, either through a db or xml.

I hope CSLA will change this in the future; otherwise we will have to make our own modification if we decide to go the CSLA way.
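One way the role check could be driven from XML instead of hard-coded role names, as an added example that is not part of the original post or of CSLA itself. `RolePolicy`, the XML layout and the `Project`/`Edit` names are assumptions made for illustration; the check denies when no rule is configured.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Security.Principal;
using System.Xml.Linq;
// Hypothetical helper (not a CSLA type): maps "Object:Action" to the roles allowed to do it.
public sealed class RolePolicy
{
    private readonly Dictionary<string, HashSet<string>> _rules =
        new Dictionary<string, HashSet<string>>(StringComparer.OrdinalIgnoreCase);

    public static RolePolicy Parse(string xml)
    {
        var policy = new RolePolicy();
        foreach (var rule in XDocument.Parse(xml).Root.Elements("rule"))
        {
            string key = (string)rule.Attribute("object") + ":" + (string)rule.Attribute("action");
            var roles = rule.Elements("role").Select(r => r.Value.Trim()).Where(r => r.Length > 0);
            policy._rules[key] = new HashSet<string>(roles, StringComparer.Ordinal);
        }
        return policy;
    }

    // Fail closed: no user, no matching rule, or an empty role list all deny.
    public bool IsAllowed(IPrincipal user, string objectName, string action)
    {
        HashSet<string> roles;
        if (user == null || !_rules.TryGetValue(objectName + ":" + action, out roles))
            return false;
        return roles.Any(user.IsInRole);
    }
}

public static class Demo
{
    // Constructed sample policy; in practice it would be loaded from a file or a db table.
    const string Xml = @"<authorization>
  <rule object='Project' action='Edit'><role>ProjectManager</role><role>Webmasters</role></rule>
</authorization>";
    public static void Main()
    {
        var policy = RolePolicy.Parse(Xml);
        // Constructed principals; in a CSLA app, pass Csla.ApplicationContext.User instead.
        var pm = new GenericPrincipal(new GenericIdentity("alice"), new[] { "ProjectManager" });
        var guest = new GenericPrincipal(new GenericIdentity("bob"), new[] { "Guests" });
        Console.WriteLine(policy.IsAllowed(pm, "Project", "Edit"));     // role listed in the rule
        Console.WriteLine(policy.IsAllowed(guest, "Project", "Edit"));  // role not listed
        Console.WriteLine(policy.IsAllowed(pm, "Project", "Delete"));   // no rule configured
    }
}
```

With this in place, `CanEditObject()` would reduce to a call such as `policy.IsAllowed(Csla.ApplicationContext.User, "Project", "Edit")`, and the policy file itself needs the same write protection as the code it replaces.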
