I’ve been trying to find resources and guidelines for implementing authentication and authorization in multiple layered architectures (C#), but haven’t found any “best practices” or patterns to use. And I figured, that there must be some patterns for this, as it is a pretty important area?
The application that we’re developing, is layered traditionally, having
- data layer (Entity Framework 4)
- repositories
- domain layer
- service layer (can be WCF, with data transfer objects)
- multiple clients consuming the WCF service (ASP.NET [MVC], Silverlight, WPF) and clients accessing a service layer directly (no WCF)
Are there books/articles/blogs that dig deeply into this area? Primarily about authorization such as handling multiple roles and attributes attached to users).
It doesn’t have to be specific for the .NET Framework, but it would be preferred.
UPDATE:
I got some good links already, but I’m looking for more implementation examples and articles. Maybe a solution where something like the above is implemented?
This resources can be helpful
http://msdn.microsoft.com/en-us/security/aa570351.aspx from Microsoft, mostly about Windows Identity Foundation
A Guide to Claims–based Identity and Access Control from Microsoft Patterns&Practices team
Best Regards