<p>One potential, though still not foolproof, method is to abstract your security checks into Attributes. This way you can decorate your methods with something like:</p>
<pre><code>[CheckToken] public string DoWork() { .... } </code></pre>
<p>This isn't necessarily the best answer because it still requires you to attribute the method. You could instead create an attribute for your web service class, which would execute the [CheckToken] on any method call of the class.</p>
<pre><code>[CheckToken] public class MyWebService { ... } </code></pre>
<p>The only issue here is if you have some methods where you want to execute different security checks, or no security checks.</p>
<p>A C# web service framework that has pretty good security features baked into the framework is Service Stack. <a href="http://www.servicestack.net/" rel="nofollow">http://www.servicestack.net/</a> It has security attributes already built in that you can use, and it promotes clean separation of concerns.</p>
<p>Another very robust option involves intercepting method calls. C# has a class "ContextBoundObject" which can be used for this purpose. You'd need to have your class inherit from ContextBoundObject, and then you can start to dynamically intercept method calls and perform your security checking based upon the context of the method call being made and its parameters. ContextBoundObject does add some overhead to your calls, so you'll need to factor that into your decision. Method interception is great for things like security, performance monitoring, health checks, method retries, and other cross-cutting concerns.</p>
<p>Here's a simple getting-started article on ContextBoundObject (and Aspect Oriented Programming). <a href="http://www.codeproject.com/Articles/8414/The-simplest-AOP-scenario-in-C" rel="nofollow">http://www.codeproject.com/Articles/8414/The-simplest-AOP-scenario-in-C</a></p>
<p>For J...</p>
<p>I wouldn't have the method code query the result. Since we're talking about a web service, there's a pipeline involved where a request is initiated by a client, that request is sent to the service, that service initializes its handlers, deserializes the request, routes the request to the appropriate method, executes the method, serializes the response, and returns the response to the client (this is a big simplification...). Most frameworks I've seen have some hooks for you to specify attributes on your service methods that get checked at the point prior to method execution and can be used to handle security (i.e., return a 401 HTTP code for a web service). I believe he said he's using WCF and while it's been a while since I've used WCF, I know this can be done - see <a href="http://msdn.microsoft.com/en-us/library/ms733071.aspx" rel="nofollow">http://msdn.microsoft.com/en-us/library/ms733071.aspx</a></p>
<p>So he could derive his custom security attribute from some WCF security attribute and create his own authentication logic based upon some token, which he'd most likely have to grab from the headers of the request. ServiceStack makes this super easy, I'd imagine it's not that hard using WCF either. Chances are someone's already done this for WCF and the code is out there somewhere.</p>
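<p>An added example, not part of the original answer and not ServiceStack or WCF code: a class-level [CheckToken] enforced at the dispatch step before the method body runs, with an explicit per-method opt-out for the "no security checks" case. The names CheckTokenAttribute, NoTokenRequiredAttribute and Dispatcher, and the shared-token comparison, are assumptions made for illustration.</p>

```csharp
using System;
using System.Reflection;
using System.Security.Cryptography;
using System.Text;

// Hypothetical attributes for this example; not ServiceStack or WCF types.
[AttributeUsage(AttributeTargets.Class | AttributeTargets.Method)]
public sealed class CheckTokenAttribute : Attribute { }
[AttributeUsage(AttributeTargets.Method)]
public sealed class NoTokenRequiredAttribute : Attribute { }

[CheckToken] // class-level: every method needs a token unless it opts out
public class MyWebService
{
    public string DoWork() => "work done";
    [NoTokenRequired] // explicit, reviewable exception to the class-wide rule
    public string Ping() => "pong";
}

public static class Dispatcher
{
    // Constructed sample value; a real service would validate a token from the request headers.
    private static readonly byte[] Expected = Encoding.UTF8.GetBytes("constructed-sample-token");

    public static (int Status, string Body) Invoke(object service, string method, string token)
    {
        Type type = service.GetType();
        // DeclaredOnly keeps inherited members such as ToString() out of the routable surface.
        var target = type.GetMethod(method,
            BindingFlags.Public | BindingFlags.Instance | BindingFlags.DeclaredOnly,
            null, Type.EmptyTypes, null);
        if (target == null) return (404, "");
        bool required = (type.IsDefined(typeof(CheckTokenAttribute), true)
                || target.IsDefined(typeof(CheckTokenAttribute), true))
            && !target.IsDefined(typeof(NoTokenRequiredAttribute), true);
        // The check runs before the method body, so a method cannot forget to perform it.
        if (required && !TokenIsValid(token)) return (401, "");
        return (200, (string)target.Invoke(service, null));
    }

    private static bool TokenIsValid(string token) => token != null &&
        CryptographicOperations.FixedTimeEquals(Encoding.UTF8.GetBytes(token), Expected);

    public static void Main()
    {
        var svc = new MyWebService();
        Console.WriteLine(Invoke(svc, "DoWork", null).Status);
        Console.WriteLine(Invoke(svc, "DoWork", "constructed-sample-token").Status);
        Console.WriteLine(Invoke(svc, "Ping", null).Status);
    }
}
```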