This post digs deeper into the Book Club application from the perspective of the authorization feature of RIA Services. You can check out more information about the application via its associated table of contents post.
The post covers how the out-of-box authorization rules can be applied, how custom rules can be implemented, how custom rules can use additional bits of information in their implementation, and how client-side UI can be customized to account for authorization.
The sample application has been updated, so you might want to download the latest release of the code from the RIA Services Essentials project on CodePlex or browse the checkin history.
Authorization and validation share a lot of common concepts and patterns, so the deep dive into validation with RIA Services might be particularly interesting.
Authorization Overview
Authorization allows you to secure operations and data in your application based on the authenticated user. It essentially answers the question:
"Can X do Y [with Z]?"
where X is the user (the subject), Y is the operation (the verb), and optionally, Z is the entity being operated upon (the object). In RIA Services, each authorization rule encapsulates a specific question that you can associate with your domain services and their operations. These rules help create a more complete picture of the domain or application semantics that are being encapsulated within a domain service. Rules are associated with operations as metadata attributes that derive from AuthorizationAttribute.
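As an added illustration (not code from the Book Club sample or from RIA Services itself) of the "Can X do Y with Z?" shape, here is a custom rule that derives from AuthorizationAttribute and uses the subject (the IPrincipal), the verb (the operation type from AuthorizationContext) and the object (the entity instance) together. The Book entity, its OwnerName property and the RequiresOwnershipAttribute name are assumptions made for the example; the built-in RequiresAuthentication and RequiresRole attributes and the AuthorizationAttribute / AuthorizationContext / AuthorizationResult types are the real RIA Services API.

```csharp
using System;
using System.ComponentModel.DataAnnotations;
using System.Security.Principal;
using System.ServiceModel.DomainServices.Server;

// Hypothetical entity for the example: the page does not define it.
public class Book
{
    [Key]
    public int Id { get; set; }
    public string Title { get; set; }
    // Name of the user who owns the record (assumed for this example).
    public string OwnerName { get; set; }
}

// Custom rule: "Can <principal> <operation> this Book, given who owns it?"
// Deriving from AuthorizationAttribute lets RIA Services evaluate it
// before the operation runs, both on the server and for client UI hints.
[AttributeUsage(AttributeTargets.Method, AllowMultiple = false)]
public sealed class RequiresOwnershipAttribute : AuthorizationAttribute
{
    protected override AuthorizationResult IsAuthorized(
        IPrincipal principal, AuthorizationContext authorizationContext)
    {
        // Subject: deny anonymous callers outright.
        if (principal == null || principal.Identity == null || !principal.Identity.IsAuthenticated)
        {
            return new AuthorizationResult("You must be logged in.");
        }

        // Object: for entity operations the instance being operated on is
        // available; queries carry no instance, so only the subject check applies.
        var book = authorizationContext.Instance as Book;
        if (book == null)
        {
            return AuthorizationResult.Allowed;
        }

        // Verb + object: only the owner may change or delete the record.
        bool isOwner = string.Equals(book.OwnerName, principal.Identity.Name,
                                     StringComparison.OrdinalIgnoreCase);
        if (isOwner)
        {
            return AuthorizationResult.Allowed;
        }

        // Return a message rather than throwing; the framework reports it
        // to the client as the failure reason.
        return new AuthorizationResult(
            string.Format("Only the owner may {0} this book.",
                          authorizationContext.OperationType));
    }
}

// Hypothetical domain service showing the out-of-box rules beside the custom one.
[EnableClientAccess]
public class BookDomainService : DomainService
{
    // Out-of-box rule: any authenticated user may read.
    [Query]
    [RequiresAuthentication]
    public System.Linq.IQueryable<Book> GetBooks()
    {
        return new Book[0].AsQueryable(); // data access omitted for the example
    }

    // Custom rule: only the owner may update.
    [Update]
    [RequiresOwnership]
    public void UpdateBook(Book book) { /* persist change */ }

    // Out-of-box role rule: only administrators may delete.
    [Delete]
    [RequiresRole("Administrators")]
    public void DeleteBook(Book book) { /* delete record */ }
}
```

The important design point is that the rule is evaluated server-side regardless of what the client shows or hides, so customizing the client UI (covered later in the post) is a usability layer on top of the check, not a substitute for it.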
[Full post continued here...]