
Business Logic Security in Web Applications

Some weeks ago I asked a question regarding best practice on how to secure a Business Layer.

In the meantime I have something based on PrincipalPermission and some custom code for specific checks. But I'm still not really happy about that solution and struggling with how to make it better.

What I'm still trying to achieve:

  • Ensure that every method call is denied by default if nothing is declared on it
  • Inheritance: Define basic permissions on a base class that get inherited
  • Something that is easy to use for specific checks

I don't want to use OAP because it works on generic classes and has some limitations as well.

Additional question: Is there some kind of Security Framework that can be implemented within applications?

I'm working with ASP.NET / MVC and targeting .NET 4.0

The .NET Framework does not contain anything aside from System.Security.Principal.

There are some helpful suggestions, including ASP.NET membership, or roll-your-own solutions with example code, on this earlier related question.
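One roll-your-own shape for the three requirements listed in the question (deny by default, permissions inherited from a base class, simple per-method checks), added here as an example and not taken from the question, the answer or the linked posts. `RequireRoleAttribute`, `Guard`, `ServiceBase` and `OrderService` are hypothetical names, and the principal in `Main` is constructed sample data; only `System.Security.Principal` and reflection available in .NET 4.0 are used.

```csharp
using System;
using System.Linq;
using System.Reflection;
using System.Security;
using System.Security.Principal;
using System.Threading;

// Hypothetical attribute: names one role allowed to call a class or method.
[AttributeUsage(AttributeTargets.Class | AttributeTargets.Method, Inherited = true, AllowMultiple = true)]
public sealed class RequireRoleAttribute : Attribute
{
    public string Role { get; private set; }
    public RequireRoleAttribute(string role) { Role = role; }
}

public static class Guard
{
    // First line of every business method: Guard.Demand(this, MethodBase.GetCurrentMethod());
    public static void Demand(object target, MethodBase method)
    {
        // Method-level rules replace class-level ones; class-level rules flow down from base classes.
        Attribute[] rules = Attribute.GetCustomAttributes(method, typeof(RequireRoleAttribute), true);
        if (rules.Length == 0)
            rules = Attribute.GetCustomAttributes(target.GetType(), typeof(RequireRoleAttribute), true);
        if (rules.Length == 0) // nothing declared anywhere: deny by default
            throw new SecurityException("No permission declared for " + method.Name);

        IPrincipal user = Thread.CurrentPrincipal;
        bool allowed = user != null && user.Identity.IsAuthenticated
            && rules.Cast<RequireRoleAttribute>().Any(r => user.IsInRole(r.Role));
        if (!allowed) throw new SecurityException("Access denied to " + method.Name);
    }
}

[RequireRole("Staff")] // base permission, inherited by every derived service
public abstract class ServiceBase { }

public class OrderService : ServiceBase
{
    public int CountOrders() { Guard.Demand(this, MethodBase.GetCurrentMethod()); return 3; }
    [RequireRole("Manager")] // specific check, replaces the inherited "Staff" rule
    public void CancelOrder(int id) { Guard.Demand(this, MethodBase.GetCurrentMethod()); }
}

public static class Program
{
    public static void Main()
    {
        // Constructed sample principal: authenticated, member of "Staff" only.
        Thread.CurrentPrincipal = new GenericPrincipal(new GenericIdentity("alice"), new[] { "Staff" });
        var svc = new OrderService();
        Console.WriteLine(svc.CountOrders()); // allowed through the inherited class-level rule
        try { svc.CancelOrder(1); } catch (SecurityException e) { Console.WriteLine(e.Message); }
    }
}
```

The default-deny here only covers methods that actually call `Guard.Demand`, so the call belongs at a single dispatch point, or a unit test should reflect over the service classes and fail on any public method that lacks it.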
