Declarative Security with AzMan and CAB
In a previous post, I mentioned Controls can be dynamically disabled based on users' permission by using .NET attribute with AzMan and CAB. This week is our security iteration, so we are able to test the concept described in this MSDN article. The article suggested modifying the RootWorkItemInitializationStrategy.cs, so when each objects are built up, it will be disabled based on the attribute declared on the Controls and users' permission. I personally do not like the idea of modifying 3rd party code when it can be avoided. There is another way to accomplish the same thing by creating a custom BuilderStrategy then overiding AddBuilderStrategies method in the shell, so you can add the strategy during run time. It will look something like this:
Here are some pitch falls we ran across when we tried to implement security with attributes.
Client side security is for eye candy, but the real security comes when you secure your service layer. Service layer can be secured using declarative approach too, but that is for another time.
public class YourShell : FormShellApplication {
protected override void AddBuilderStrategies(Builder builder) {
base.AddBuilderStrategies(builder);
builder.Strategies.AddNew(BuilderStage.Initialization);
}
}
- Dynamically created controls cannot be applied.
- Literal strings are used in the declaration of attributes, so if anything changes with the security or Control, it will result in runtime rather than compile time.
- The declaration of Controls cannot be in the designer file because the designer file will get overwritten.
- Performance penalty during startup of the application.
- Explicit logic already exists to enable or disable the UI based on the state of the system will override the attribute.
Client side security is for eye candy, but the real security comes when you secure your service layer. Service layer can be secured using declarative approach too, but that is for another time.
posted by Aaron Feng at
9:02 AM
0 Comments:
Post a Comment
<< Home