Books/resources on authentication and authorization in layered applications
Question
I've been trying to find resources and guidelines for implementing authentication and authorization in multiple layered architectures (C#), but haven't found any "best practices" or patterns to use. And I figured, that there must be some patterns for this, as it is a pretty important area?
The application that we're developing, is layered traditionally, having
- data layer (Entity Framework 4)
- repositories
- domain layer
- service layer (can be WCF, with data transfer objects)
- multiple clients consuming the WCF service (ASP.NET [MVC], Silverlight, WPF) and clients accessing a service layer directly (no WCF)
Are there books/articles/blogs that dig deeply into this area? Primarily about authorization such as handling multiple roles and attributes attached to users).
It doesn't have to be specific for the .NET Framework, but it would be preferred.
UPDATE: I got some good links already, but I'm looking for more implementation examples and articles. Maybe a solution where something like the above is implemented?
3 answers
solution1
1 ACCPTED 2010-05-21 08:12:36
This resources can be helpful
http://msdn.microsoft.com/en-us/security/aa570351.aspx from Microsoft, mostly about Windows Identity Foundation
A Guide to Claims–based Identity and Access Control from Microsoft Patterns&Practices team
Best Regards
solution2
0 2010-05-16 21:31:05
Yes there is, you can check patterns & practices Application Architecture Guide 2.0
It will give you design-level guidance for the architecture and design of applications. And also a good thing it is specific for .NET :)
solution3
0 2010-05-24 22:34:11
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.