Vibrant discussion about CSLA .NET and using the framework to build great business applications.

Forum has moved

New location: CSLA .NET forum

CSLA .NET Resources:
  • CSLA .NET forum
  • CSLA .NET home page
  • Browse Site by Tags

    Showing related tags and posts across the entire site.
    • Re: Type level authorization rules

      You can add a check in a custom data portal authorizer. The authorizer runs before pretty much anything else on the server, and is the location for global checks you might want to perform before allowing a user request to be processed - for example doing a server-side check of HasPermissions.
      Posted to CSLA .NET discussion by RockfordLhotka on Wed, Feb 11 2015
    • CSLA and MS Identity

      Hi, In my MVC 5-Project I want to use MS Identity for Authorization and Authentication. I have built my application according to the EncapsulatedDto-model, hence I among my projects have a Dal, DalSql, Library, and WcfPortal Project. I'm want to use Claims-based Authorization, and could of course...
      Posted to CSLA .NET discussion by Peter Centellini on Fri, Oct 17 2014
    • IAuthorizeDataPortal - LocalContext value somehow gets reset

      I'm following the example of implementing the IAuthorizeDataPortal. What I'm finding is that when a BusinessList object's Fetch method is called, the Authorize method gets triggered twice before the Fetch method is executed. Actually, it gets called 4 times, in pairs of two. For the first...
      Posted to CSLA .NET discussion by Tim on Mon, Jun 16 2014
    • IAuthorizeDataPortal / IInterceptDataPortal and DataPortalOperations.Execute

      Hi, I have implemented both IAutorizeDataPortal and IInterceptDataPortal in my project. When commands are executed, IInterceptDataPortal methods gets DataPortalOperations.Execute parameter, but IAutorizeDataPortal.Authorize gets DataPortalOperations.Update. The difference is in server DataPortal class...
      Posted to CSLA .NET discussion by DrLik on Tue, Jun 25 2013
    • Per-property authorization rule that depends on async, lazy-loaded property

      What is the best approach for implementing a per-property authorization rule that depends on the result of an async, lazy-loaded property? Here's my suggestion: [Serializable] public sealed class Parent : BusinessBase<Parent> { public static readonly PropertyInfo<string> NameProperty...
      Posted to CSLA .NET discussion by Chattererman on Tue, May 7 2013
    • Authorization rules not running for new object

      When I create a new instance of a business object, the authorization rules do not run. I have a custom authorization rule that changes access to a property based on the state of another property. This rule runs as expected when fetching an existing object and editing it, but it seems like the authorization...
      Posted to CSLA .NET discussion by jmuller on Thu, Feb 14 2013
    • Csla.Xaml.ApplicationContextManager question

      In our WPF application users can log out and then log in into the system. With current implementation Csla.Xaml.ApplicationContextManager we sometime have interesting problem. I would like to check if anyone had the same problem before, or have any other comments. Here is the problem. ApplicationContextManager...
      Posted to CSLA .NET discussion by maxal on Tue, Nov 6 2012
    • Re: Business Rule for Not Allowing Edit or Delete for a Specific Record

      There is support for this - you just have to follow some basic guidelines. BusinessRules at Object level must have ProperyProperty = null. AuthorizationRules for Static methods must have Member = null (CanGetObject, CanCreateObject, CanEditObject, CanDeleteObject) BusinessRules for a Property must have...
      Posted to CSLA .NET discussion by JonnyBee on Sun, Nov 4 2012
    • Problem with MethodInfo

      Hi everybody, in a SL4 Project using CSLA 4.1 I have a BusinessBase class containing 2 Methods: public void doWork(EventHandler<DataPortalResult<doWorkCommand>> callback) public static void doWork(int Id, EventHandler<DataPortalResult<doWorkCommand>> callback) I would like to...
      Posted to CSLA .NET discussion by Uwe Hein on Wed, Nov 9 2011
    • Business Object Authorization Design

      I'm very new to CSLA but am thrilled to have found it and have started working through Rockford's C# 2008 Business Objects book. I have a design question that I'm hoping others with more experience can chime in on, especially as thoughts on how using CSLA can help me better refine the design...
      Posted to CSLA .NET discussion by Justin Heath on Thu, Oct 20 2011
    • Csla 4 - Clearing out principal?

      I've upgraded WebForms project to use Csla 4. The business layer seems fine mostly, all the tests have passed and I'm fixing minor things with how BOs are build (private backing fields not specifying that in relationship type, etc). One thing I'm stumped on is the handling of the ApplicationContext...
      Posted to CSLA .NET discussion by Andy on Sun, Oct 16 2011
    • Customize Authorization Rules Messages.

      Hello all. I'm using Authorization Rules in my Business Objects but when any Authorization Rule is broken the message provided on the exception do not fits my needs. I was reviewing the implementation of the DataPortal class and CSLA throws a Security Exception and loads the exception message from...
      Posted to CSLA .NET discussion by omarcusido on Fri, Oct 14 2011
    • Where is Execute command authorization rule?

      Why there is no ExecuteObject/ExecuteCommand per type authorization rule/action? I can see that AddObjectAuthorizationRules() is being call... Thanks Ivan UPDATE : ok, after looking through csla source, I figured out that EditObject permission is being checked while executing DataPortal_Execute method...
      Posted to CSLA .NET discussion by mesh on Mon, Aug 29 2011
    • Re: CanWriteProperty and AuthorizationActions.EditObject

      Thanks Rocky. I ended up creating an aggregate authorization rule that I can stuff any number of sub rules into. I also created a CanEditObject rule that I put in each aggregate rule for each property in addition to the other rule(s) for each property. We'll wait and see what kind of performance...
      Posted to CSLA .NET discussion by mdbzntcd on Tue, Aug 16 2011
    • Re: CanWriteProperty and AuthorizationActions.EditObject

      For performance reasons, exactly one authorization rule is allowed per type/property and per action. But rules can be arbitrarily complex. If you feel the need for your per-property rules to check the per-type rules before doing any more detailed authorization logic, then you can absolutely write a rule...
      Posted to CSLA .NET discussion by RockfordLhotka on Tue, Aug 16 2011
    • CanWriteProperty and AuthorizationActions.EditObject

      I'm trying to enable/disable fields in a data grid in WPF using the PropertyInfo control. A user may be able to edit some objects (parts or whole) in a list and not others depending on security groups and the status of the object. There are per-type rules for the security groups for control editing...
      Posted to CSLA .NET discussion by mdbzntcd on Fri, Aug 12 2011
    • Re: Permission based authorization and performance in CLSA.NET v4

      This can be a very real concern. I was working with a client last year who wanted extremely granular permissions at a property level. The result was tens of thousands of permissions. Even if each permission is stored as a bit, the raw data structure was quite huge - too big to pass on each data portal...
      Posted to CSLA .NET discussion by RockfordLhotka on Tue, Aug 9 2011
    • Re: Why can't authorization (Data Portal) rules be overridden?

      It is important to remember that authorization rules (in CSLA 4) don't have to be role based. They are just a type of business rule, and they can use the state of the object, the state of the application, and the user prinicpal/identity information in any way they choose. So you can create a rule...
      Posted to CSLA .NET discussion by RockfordLhotka on Tue, Aug 9 2011
    • Permission based authorization and performance in CLSA.NET v4

      I thought I had a good initial design for doing a permission based authorization model based on Rocky's comments and my understanding of things - until I read in Using CSLA 4 how the principal and hence the identity have to be passed through the dataportal on each call. That, or they have to be reconstructed...
      Posted to CSLA .NET discussion by nhwilly on Tue, Aug 9 2011
    • Why can't authorization (Data Portal) rules be overridden?

      Correct me if I'm wrong but there is no way to stop authorization rules on data portals being fired once they are coded into an object? By this I mean create, update etc. This seems a bit restrictive on the developer. What about the scenario where an object needs to be loaded internally in another...
      Posted to CSLA .NET discussion by geordiepaul on Tue, Aug 9 2011
    Page 1 of 4 (80 items) 1 2 3 4 Next >

    Copyright (c) 2006-2014 Marimer LLC. All rights reserved.
    Email admin@lhotka.net for support.
    Powered by Community Server (Non-Commercial Edition), by Telligent Systems