First, I've created a class called AzManPrincipal which extends the Csla.Security.BusinessPrincipalBase class. This class is an IPrincipal and as such holds the implementation of IsInRole. It is worth noting that my implementation below will authorize access on the "task" defined in AzMan.
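
    using System.Configuration;
    using System.Security.Principal;
    using Microsoft.Practices.EnterpriseLibrary.Security;

    internal sealed class AzManPrincipal : Csla.Security.BusinessPrincipalBase
    {
        // Enterprise Library authorization provider backed by AzMan.
        private IAuthorizationProvider _authProv = null;

        public AzManPrincipal(IIdentity identity)
            : base(identity)
        {
            // The provider name is read from appSettings under the "AzMan Provider" key.
            string providerName = ConfigurationManager.AppSettings["AzMan Provider"];
            _authProv = AuthorizationFactory.GetAuthorizationProvider(providerName);
        }

        // The "role" argument is treated as an AzMan task name.
        public override bool IsInRole(string role)
        {
            return (_authProv.Authorize(this, role));
        }
    }
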
Next, at the start of your application you will need to set your custom principal on Csla.ApplicationContext.User:

    Csla.ApplicationContext.User = new AzManPrincipal(WindowsIdentity.GetCurrent());

Finally, your classes may use the current application context to authorize any actions on the class (CRUD methods or read/write properties) as in the following example:

    public static bool CanGetObject()
    {
        return (Csla.ApplicationContext.User.IsInRole("Read Customer Task"));
    }
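
The following is an added example, not code from the original post or from CSLA or Enterprise Library. It goes one step beyond the snippets above by showing the task check denying by default and being enforced inside the factory method rather than left as an advisory CanGetObject call. TaskPrincipal, the authorize delegate, the static Customer class and GetCustomer are hypothetical stand-ins so the program runs without CSLA or AzMan installed.

```csharp
using System;
using System.Collections.Generic;
using System.Security;
using System.Security.Principal;

sealed class TaskPrincipal : IPrincipal
{
    // Hypothetical stand-in for IAuthorizationProvider.Authorize(principal, task).
    private readonly Func<IPrincipal, string, bool> _authorize;
    public TaskPrincipal(IIdentity identity, Func<IPrincipal, string, bool> authorize) { Identity = identity; _authorize = authorize; }
    public IIdentity Identity { get; private set; }

    // Deny by default: unauthenticated callers, blank task names and provider errors return false.
    public bool IsInRole(string task)
    {
        if (!Identity.IsAuthenticated || string.IsNullOrWhiteSpace(task)) return false;
        try { return _authorize(this, task); }
        catch (Exception) { return false; }
    }
}

static class Customer
{
    public static IPrincipal User; // plays the part of Csla.ApplicationContext.User
    public static bool CanGetObject() { return User != null && User.IsInRole("Read Customer Task"); }

    // The factory method enforces the check before any data access happens.
    public static string GetCustomer(int id)
    {
        if (!CanGetObject()) throw new SecurityException("User not authorized to view a Customer");
        return "Customer #" + id; // placeholder for the real fetch
    }
}

static class Program
{
    static void Main()
    {
        // Constructed sample grants: alice holds the task, bob holds none.
        var grants = new HashSet<string> { "alice|Read Customer Task" };
        Func<IPrincipal, string, bool> authorize = (p, t) => grants.Contains(p.Identity.Name + "|" + t);

        Customer.User = new TaskPrincipal(new GenericIdentity("alice"), authorize);
        Console.WriteLine(Customer.GetCustomer(42));
        Customer.User = new TaskPrincipal(new GenericIdentity("bob"), authorize);
        try { Customer.GetCustomer(42); }
        catch (SecurityException ex) { Console.WriteLine("Denied: " + ex.Message); }
    }
}
```

Because the task name is a plain string shared between the code and the AzMan store, a misspelled name simply fails to match and access is denied, so keep the task names in one place and log denials to make such mismatches visible.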