Suggestion

Feb 23, 2011 at 11:37 AM

Hi. Very interesting approach. 

There is a situation where this framework doesn't fit very well, I think.  Action based authorization. Let me explain you better...

Authorization is something like an infrastructure part. which can be re utilized in many systems. So it's is not tied direct to objects of some system. Think about that this we developed a system apart, and this Authorization could be abstracted:

User( string Name, string Login, string Password);  Actions (string ActionName); Permission, Group...

So for all action that might be controlled there is a ActionName associated. For example, if in my application there is a feature "People", I can "InsertNew", "Delete", "Edit". So I pass to my framework:  AuthManager.AddPermission("/People/InsertNew").For.User(objUser). this way my user objUser has access only to insert new people. How can I use your framework in this scenario?

I think we should pass into your attribute a new parameter, a "ActionName".... like:

[AuthSecurityName("/People/InsertNew","readonly")]
public DelegateCommand InsertNewPerson
{
     get { return new DelegateCommand(_ => { MessageBox.Show("Test"); }); }
}

So in my implementation of IAuthLevelProvider I would be able to search in my framework for that Action and so, return appropriate permission...

what do you think?

 

 

 

Coordinator
Dec 6, 2011 at 5:30 PM

This feature is very easy to implement without ant more propery. 

The security name can be different for different actions. and can be shared between View Models so the provider can use it to return the right answer. 

Thanks. 

May 20, 2016 at 1:25 PM
I also like Quicoli's suggestion. Has anyone implemented it yet?