tags:

views:

147

answers:

3
+3  Q: 

Books/resources on authentication and authorization in layered applications

I've been trying to find resources and guidelines for implementing authentication and authorization in multiple layered architectures (C#), but haven't found any "best practices" or patterns to use. And I figured, that there must be some patterns for this, as it is a pretty important area?

The application that we're developing, is layered traditionally, having

  • data layer (Entity Framework 4)
  • repositories
  • domain layer
  • service layer (can be WCF, with data transfer objects)
  • multiple clients consuming the WCF service (ASP.NET [MVC], Silverlight, WPF) and clients accessing a service layer directly (no WCF)

Are there books/articles/blogs that dig deeply into this area? Primarily about authorization such as handling multiple roles and attributes attached to users).

It doesn’t have to be specific for the .NET Framework, but it would be preferred.

UPDATE: I got some good links already, but I'm looking for more implementation examples and articles. Maybe a solution where something like the above is implemented?

A: 

Yes there is, you can check patterns & practices Application Architecture Guide 2.0

It will give you design-level guidance for the architecture and design of applications. And also a good thing it is specific for .NET :)

Incognito  2010-05-16 21:31:05
I've been looking through that guide, and looked at it before for other guidelines, but regarding authorization, I think it's very sparse on that subject?
Tommy Jakobsen  2010-05-17 07:03:46
+1  A: 

This resources can be helpful

http://msdn.microsoft.com/en-us/security/aa570351.aspx from Microsoft, mostly about Windows Identity Foundation

A Guide to Claims–based Identity and Access Control from Microsoft Patterns&Practices team

Best Regards

dario  2010-05-21 08:12:36
Thank you. Interesting reading, but I'm looking for resources thats more implementation specific (in the layers).
Tommy Jakobsen  2010-05-21 17:10:35
A: 

Some links to check.
Common Security Scenarios
patterns & practices: WCF Security Guidance
patterns & practices Improving Web Services Security Guide
Security Considerations (Entity Framework)

 2010-05-24 22:34:11

related questions

Displaying Flash content in a C# WinForms application
How to get the value of built, encoded ViewState?
Unhandled Exception Handler in .NET 1.1
How do I connect to a database and loop over a recordset in C#?
How do I most elegantly express left join with aggregate SQL as LINQ query
Get a new object instance from a Type in C#
.NET Testing Framework Advice
Automatically update version number
What is the difference between an int and an Integer in Java/C#?
How to write to Web.Config in Medium Trust ?
WinForms ComboBox data binding gotcha
How do you sort a C# dictionary by value?
Adding Scripting functionality to .NET applications
Floating Point Number parsing: Is there a Catch All algorithm?
How do I print an HTML document from a web service?
Decoding T-SQL CAST in C#/VB.net
Anatomy of a "Memory Leak"
How do I get a distinct, ordered list of names from a DataTable using Linq
Reliable Timer in a Console Application
How do I fill a DataSet or a DataTable from a LINQ query resultset ?
What's the difference between Math.Floor() and Math.Truncate() in .NET?
How do I calculate relative time?
How do I calculate someone's age in C#?
Are there any conversion tools for porting Visual J# code to C#?
When setting a form's opacity should I use a decimal or double?