Hello all,
for a service facade implemented in .NET, is there a posibility (e.g. a 3rd party library) that can be used to perform some security checking? I mean, a kind of access controll list based checking for every method, based on the roles.
Thanks, Lucian
How is the façade presented? A separate assembly? Web service? Some weird funky custom thing? Also how is authentication happening? AD? Something else?
If the service layer is running in the context of the calling user (i.e. the thread has a filled IPrinciple/IUser context appropriate to the user) you could use CAS by placing
[PrincipalPermission(SecurityAction.Demand,Role="role")]
on your methods. This would throw a security exception if the authenticated user was in the role/group you specified.