Vibrant discussion about CSLA .NET and using the framework to build great business applications.

Forum has moved

New location: CSLA .NET forum

CSLA .NET Resources:
  • CSLA .NET forum
  • CSLA .NET home page
  • CSLA And User Sessions

    rated by 0 users
    Not Answered This post has 0 verified answers | 1 Reply | 2 Followers

    Not Ranked
    1 Posts
    donniefitz2 posted on Tue, Oct 7 2014 4:08 PM

    I am planning to use CSLA as the BL for a web API (similar to ASP.Net MVC). All of the requests to the API must be authenticated and I'm having trouble understanding how CSLA works in this scenario. My web API layer can manage to keep a session in process to identify incoming requests using a token in the HTTP header, so I can know who my users are once they have logged in. 

    Once a request is made to my API I can pass the credentials to CSLA to authenticate the user. But after the user is authenticated, how do I maintain a session that CSLA is aware of so I don't have to authenticate the user on each request? Would I have to store and instance of the business layer in session state? Any help would be appreciated. 

    All Replies

    Top 10 Contributor
    4,106 Posts
    Andy replied on Wed, Oct 8 2014 7:14 AM

    In your global.asax you'll wire up an event for AuthenticationHandler, I think that's the event.  You'll use your token and rebuild your Principal / Identity and set it via Csla.ApplicationContext.User property. 

    The most flexible way then is to think of the IPrincipal's IsInRole instead as being a HasPermission call; you then load up the roles of the principal with all the permissions the user has, and your list can then check that the user has the permission to do whatever action. 

    Page 1 of 1 (2 items) | RSS

    Copyright (c) 2006-2014 Marimer LLC. All rights reserved.
    Email admin@lhotka.net for support.
    Powered by Community Server (Non-Commercial Edition), by Telligent Systems