Vibrant discussion about CSLA .NET and using the framework to build great business applications.
Hy I'm a new csla user and i have a question.
My application has a user db witch authenticates trough competences instead of roles.
Now my question is can i modify the Framework so it does it for me just like the isInRole Authentication?
read this blogpost from rocky: http://www.lhotka.net/weblog/PermissionbasedAuthorizationVsRolebasedAuthorization.aspx
Jonny Bekkum, Norway
Thx I'll try this then, any Tips for helping me load the permissions instead of the roles? or do I just edit use the CSLAPrincipal and CSLAIdendity as base classes and edit witch information is loaded.
first of all, you may probably want to inherit form cslaIdentityBase, since you'll be able to add properties and functionality. For example properties like 'realName' or 'PWDExpired' or a functionality to change password, just to name some.
In the process of fetching uservalidation-data from your DB, you're free then to retrieve your list of permissions, eventually as a list of strings as a simple approach and add them to the CSLA-Roles, which is something like a mobileList(of string), if I remember correctly.
That's all. You only have to take care not to puzzle things, as many authorization-systems use Roles ('Salesmanager' or 'admin' as an example) to group permissions ('EditThis' or 'deleteThat' for example) and/or users. In such environment one has to be clear, that those Roles are only to simplify permission and/or user-managment and have no direct relevance for your authorization object, which only has to know about permissions, not roles! Therefore your DB-query to fetch your Identity-class should retrieve permissions to add them to the CSLA-roles, no roles, if present in your authorization-system.
Hope this helps!?