Databases
StackOverflow2013
Postsdbo
POAttempting to generalize a authentication (Including parameter changing)
Body
 

Note that there are some explanatory texts on larger screens.

plurals
  1. POAttempting to generalize a authentication (Including parameter changing)
    text
    copied!<p>In our MVC project we are attempting to make everything as generic as possible.</p> <p>Because of this we want to have one authentication class/method which covers all our methods.</p> <p>As a example: The following code is a MVC class which can be called to from a client</p> <pre><code>public class Test { public void Test() { } public int Test2(int i) { return i } public void Test3(string i) { } } </code></pre> <p>A customer of our webservice can use a service reference to get access to Test(), Test2() and Test3(). </p> <p>Now i'm searching for a class, model, interface or anything else which I can use to alter the access to the method (Currently using <code>[PrincipalPermission]</code> attribute) as well as alter the parameter value.</p> <p>Example:</p> <p>Customer A calls <code>Test2(150)</code></p> <p>The class/method checks whether Customer A has access to <code>Test2</code>. The class/method validates the user but notices that the user does not have access to <code>150</code>. He only has access to <code>100</code>.So the class/method sets the parameter to <code>100</code> and lets it follow through on it's journey.</p> <p>Customber B class <code>Test()</code> </p> <p>The class/method checks whether Customer B has access to <code>Test</code>. After validation it shows that the user does not have access so it throws a SecurityException.</p> <p>My question: </p> <p>In what class, interface, attribute or whatever can I best do this?</p> <p>(ps. As example i've only used authentication and parameter handling, but we plan to do a lot more in this stage.)</p> <p><strong>Edit</strong></p> <p>I notice most, if not all, assume I'm using actionResults. So i'd like to state that this is used in a webservice where we provide our customers with information from our database. In no way will we come in contact with a ActionResult during the requests to our webservice. (Atleast, not our customers)</p>
 

Querying!

 
Guidance
An individual column

Larger individual text columns get their own page to allow for proper reading.

SQuiL has stopped working due to an internal error.

If you are curious you may find further information in the browser console, which is accessible through the devtools (F12).

Reload