Home/ Questions/Q 5939225
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-22T15:47:48+00:00

we have developed an intranet application with Silverlight 4 using MVVM with PRISM. Up

  • 0

we have developed an intranet application with Silverlight 4 using MVVM with PRISM. Up until now we only had a basic security scheme which boils down to “access granted” or “access denied” based on active directory group membership. Now we have to expand on that.

We defined more granular roles & permissions which are being loaded at app startup and which are being exposed by a singleton ISecurityContext instance. This security context knows about the roles & permissions granted to the currently logged on user. Now I’d like to plug this context into my view models in an elegant way. A naive example of what I’d like to do is this:

public class NavigationBarViewModel
{
    //...

    [Secured(RequiredPermission="EditLocation")]
    public void NavigateToEditLocations(IRegionManager rManager)
    {
        var editLocView = new Uri("EditLocationsView", UriKind.Relative);
        rManager.RequestNavigate("WorkspaceRegion", editLocView);

    }

    //...
}

Now of course the Secured Attribute should somehow be aware of our security context. I’m not sure where to start or if this would really be an application of the decorator pattern.
Mabye someone can point me into the right direction.

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    So after some research I think I found a clean way for cross cutting security using Unity interception. I’ll share my code:

    public class MyCallHandler: ICallHandler
{

    private readonly string[] roles;

    public MyCallHandler(params string[] roles)
    {
        this.roles = roles;
    }

    public IMethodReturn Invoke(IMethodInvocation input, GetNextHandlerDelegate getNext)
    {
        IPrincipal principal = Thread.CurrentPrincipal;
        bool allowed = roles.Any(principal.IsInRole);
        if (!allowed)
            return input.CreateExceptionMethodReturn(new
                                         Exception("Security exception!"));
        return getNext()(input, getNext);

    }

    public int Order
    {
        get;
        set;
    }
}

public class MethodAccessAttribute : HandlerAttribute
{
    private readonly string[] roles;

    public MethodAccessAttribute(params string[] roles)
    {
        this.roles = roles;
    }

    public override ICallHandler CreateHandler(IUnityContainer container)
    {
        return new MyCallHandler(roles);
    }
}

public interface IConsoleThingie
{
    [MethodAccess("admin")]
    void SomeMethod();
}

public class MyConsoleThing : IConsoleThingie
{
    public void SomeMethod()
    {
        Console.WriteLine("test");
    }
}

class Program
{
    static void Main(string[] args)
    {
        IUnityContainer container = new UnityContainer();
        container.AddNewExtension<Interception>();
        container.RegisterType<IConsoleThingie, MyConsoleThing>().Configure<Interception>().SetInterceptorFor<IConsoleThingie>(new InterfaceInterceptor());

        IConsoleThingie thing = container.Resolve<IConsoleThingie>();
        try
        {
            thing.SomeMethod();
        }
        catch
        {
            Console.WriteLine("More granular exception handling here");
            Console.ReadLine();
        }

    }

}

    As you can see it’s all about creating a custom HandlerAttribute which in turn calls a custom ICallHandler. In the CallHandler you can put your security related logic which will decide if the decorated method will be executed. You should throw some custom exceptions that you can catch from the layer using your methods. With that infrastructure in place, you can integrate any cross cutting modules in a clean way. Here’s the config for the application since this can be a bit of a pain in Unity. Dont forget to add the Microsoft.Practices.Unity.InterceptionExtension namespace in your classes btw.

    <configuration>
 <configSections>
<section name="unity"
    type="Microsoft.Practices.Unity.Configuration.UnityConfigurationSection,
            Microsoft.Practices.Unity.Configuration" />
 </configSections>
  <unity>
   <sectionExtension type="Microsoft.Practices.Unity.InterceptionExtension.Configuration.InterceptionConfigurationExtension, Microsoft.Practices.Unity.Interception.Configuration"/>
<containers>

  <container>
    <extension type="Interception" />
    <register type="IConsoleThingie" mapTo="MyConsoleThing">
      <interceptor type="InterfaceInterceptor" />
      <policyInjection />
    </register>

    <types>
    </types>

  </container>
</containers>
 </unity>
  </configuration>
    • 0