We currently use Castle Windsor to manage dependency injection in our web applications. The DI registration code occurs within the applications themselves, so each application has roughly identical code within it’s Global.asax Application_Start() method. We consider this appropriate since each application may need a different implementation of some of the interfaces in question.
I am now looking into AOP, specifically around authorisation. We would want to add attributes to methods in particular classes in a class library which define whether or not the user is permitted to execute that method. AOP sounds a good call for how to accomplish this.
The only thing that makes me uncomfortable is that each web application would have to set up the interceptors for itself. If one of the web applications configured the AOP stuff wrongly, we could end up with the unacceptable situation that authorisation code did not execute.
Is there some way that the class library could configure its own AOP, or that the responsibility of configuring AOP could be taken away from the web applications?
Put this AOP initialization code in an installer or facility, put it in a library shared by all web applications, then have the web applications call this installer or simply have the web apps scan for all installers with
container.Install(FromAssembly.InThisApplication());