Some weeks ago I've asked a question regarding best practice on how to secure a Business Layer.
In the meantime I have something based on PrincipalPermission and some custom code for specifics checks. But I'm still not really happy about that solution and struggling how to make it better.
What I'm still trying to achieve:
- Ensure that every method call is denied by default if nothing is declared on it
- Inheritance: Define basic permissions on a base class that get inherited
- Something that is easy to use for specific checks
I don't want to use OAP because it work on generic classes and has some limitations as well.
Additional question: Is there some kind of Security Framework that can be implemented withing applications?
I'm working with ASP.NET / MVC and targeting .net 4.0