Friday, May 02, 2008

Using AzMan with CSLA Business Objects

Using AzMan to provide authorization to your CSLA business objects is a relatively easy task. In the following examples I'm using AzMan through the Enterprise Library AzMan Authorization Provider. If you're using the COM API directly you should be able to modify the AzManPrincipal class below to wrap that instead of the EL provider.

First, I've created a class called AzManPrincipal which extends the Csla.Security.BusinessPrincipalBase class. This class is the IPrincipal, so it carries the implementation of IsInRole. Note that the implementation below treats the string passed to IsInRole as the name of a "task" defined in AzMan and authorizes access against that task.

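using System.Configuration;
using System.Security.Principal;
using Microsoft.Practices.EnterpriseLibrary.Security;

// CSLA principal whose IsInRole() is answered by the Enterprise Library AzMan provider.
internal sealed class AzManPrincipal : Csla.Security.BusinessPrincipalBase
{
    private IAuthorizationProvider _authProv = null;

    public AzManPrincipal(IIdentity identity)
        : base(identity)
    {
        // Name of the authorization provider instance, read from appSettings.
        string providerName = ConfigurationManager.AppSettings["AzMan Provider"];
        _authProv = AuthorizationFactory.GetAuthorizationProvider(providerName);
    }

    // "role" is passed to the provider as the name of an AzMan task.
    public override bool IsInRole(string role)
    {
        return (_authProv.Authorize(this, role));
    }
}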


Next, at the start of your application you will need to set your custom principal on Csla.ApplicationContext.User:

Csla.ApplicationContext.User = new AzManPrincipal(WindowsIdentity.GetCurrent());



Finally, your classes may use the current application context to authorize any actions on the class (CRUD methods or read/write properties) as in the following example:

public static bool CanGetObject()
{
    // The string is the AzMan task name that AzManPrincipal.IsInRole authorizes against.
    return (Csla.ApplicationContext.User.IsInRole("Read Customer Task"));
}
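
CanGetObject() only reports a decision, so the code path that actually loads the object still has to enforce it. The following is an added example, not code from the original post: one way to turn the same IsInRole task check into a demand that denies by default when there is no authenticated principal or the authorization call fails. TaskGuard, FakeTaskPrincipal and the "Edit Customer Task" name are assumptions made for illustration; FakeTaskPrincipal stands in for AzManPrincipal so the sample runs without an AzMan store.

```csharp
using System;
using System.Security;
using System.Security.Principal;

// Hypothetical helper: enforces an AzMan task check and fails closed.
static class TaskGuard
{
    public static bool IsAllowed(IPrincipal user, string task)
    {
        // No principal, or an unauthenticated identity, is never authorized.
        if (user == null || user.Identity == null || !user.Identity.IsAuthenticated)
            return false;
        try { return user.IsInRole(task); }
        // Provider or store errors count as a denial (log them in real code).
        catch (Exception) { return false; }
    }

    // Call at the top of factory and data-access methods, before any data is touched.
    public static void Demand(IPrincipal user, string task)
    {
        if (!IsAllowed(user, task))
            throw new SecurityException("Not authorized for task: " + task);
    }
}

// Constructed stand-in for AzManPrincipal: grants a fixed list of task names.
sealed class FakeTaskPrincipal : IPrincipal
{
    private readonly string[] _tasks;
    public FakeTaskPrincipal(params string[] tasks)
    {
        _tasks = tasks;
        Identity = new GenericIdentity("demo");
    }
    public IIdentity Identity { get; private set; }
    public bool IsInRole(string task) { return Array.IndexOf(_tasks, task) >= 0; }
}

static class Program
{
    static void Main()
    {
        IPrincipal user = new FakeTaskPrincipal("Read Customer Task");
        TaskGuard.Demand(user, "Read Customer Task");   // granted task: no exception
        Console.WriteLine(TaskGuard.IsAllowed(user, "Edit Customer Task"));
        try { TaskGuard.Demand(null, "Read Customer Task"); }
        catch (SecurityException ex) { Console.WriteLine(ex.Message); }
    }
}
```

In the business object, the same Demand call would take Csla.ApplicationContext.User as its first argument.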