Security in CSLA

CSLA has validation build in their business object. Cool!

Authorization is also embed, a guy even created a mix security mode. It’s just the one we are looking for.

The thing I don’t like so far, authorization rules should not defined in BO, like this:

    public static bool CanEditObject()
return Csla.ApplicationContext.User.IsInRole(“ProjectManager”) || Csla.ApplicationContext.User.IsInRole(“Webmasters”);

instead, it should be configurable outside of BO, either through db or xml.

I hope CSLA will change this in the future, otherwise we have to make our modification if we decide to go  CSLA way.


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s