Security in CSLA

CSLA has validation build in their business object. Cool!

Authorization is also embed, a guy even created a mix security mode. It’s just the one we are looking for.

The thing I don’t like so far, authorization rules should not defined in BO, like this:

    public static bool CanEditObject()
{
return Csla.ApplicationContext.User.IsInRole(“ProjectManager”) || Csla.ApplicationContext.User.IsInRole(“Webmasters”);
}

instead, it should be configurable outside of BO, either through db or xml.

I hope CSLA will change this in the future, otherwise we have to make our modification if we decide to go  CSLA way.

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s