c# - Authentication and authorisation in an n-tiered architecture


I should be able to tighten my business layer - access to specific data can make a call on the UI business layer and the user can get described. The UI can then call Saving on user() and the business level will call the Data Access Layer to protect the user.

However, the problem here is that I just do not want any user to be able to get a userdetail and call save - only the certified user with the role of "administrator". How can I go about this authentication / authorization in the UI so that I can get it?

I am using ASP.NET for my UI, and I have read about the membership / role providers, but it really looks like it is for the UI; I want to protect it at my business level. This is required because there will be a few different UIs in the future such as

thanks.

If you put your authorization logic outside your web site (which I believe you are, if you are expecting to use your business layer from more than one front-end), I would definitely recommend keeping an eye on WIF. You can also integrate with Active Directory (which is a server role in Windows Server 2008 R2).

Patterns &amp; Practices have issued guidance that can be useful for digging into the subject.
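As an added example (not code from the question or the answer, and not the WIF approach the answer recommends), here is how the "administrator" check can live in the business layer itself using the built-in IPrincipal model on .NET Framework, so the rule holds no matter which UI calls it. UserService, UserDetail and the Action-based stand-in for the data access layer are hypothetical names; the PrincipalPermission attribute is a .NET Framework feature and is not supported on .NET Core.

```csharp
using System;
using System.Security;
using System.Security.Permissions;
using System.Security.Principal;
using System.Threading;

public class UserDetail { public int Id; public string Name; }

// Business-layer service: the role check lives here, not in the page or controller,
// so every front end that calls SaveUser is subject to the same rule.
public class UserService
{
    private readonly Action<UserDetail> _persist;   // stands in for the data access layer
    public UserService(Action<UserDetail> persist) { _persist = persist; }

    // Any authenticated caller may read a user's details.
    public UserDetail GetUserDetail(int id)
    {
        RequireAuthenticated();
        return new UserDetail { Id = id, Name = "user" + id };   // constructed sample data
    }

    // Declarative check: the runtime demands that Thread.CurrentPrincipal be in the
    // "administrator" role and throws SecurityException before the body runs if it is not.
    [PrincipalPermission(SecurityAction.Demand, Role = "administrator")]
    public void SaveUser(UserDetail user) { _persist(user); }

    // Imperative form of the same check, for rules that depend on the call's data.
    private static void RequireAuthenticated()
    {
        IPrincipal p = Thread.CurrentPrincipal;
        if (p == null || p.Identity == null || !p.Identity.IsAuthenticated)
            throw new SecurityException("Caller is not authenticated.");
    }
}

public static class Demo
{
    public static void Main()
    {
        var service = new UserService(u => Console.WriteLine("saved " + u.Name));
        // In ASP.NET the membership/role providers populate HttpContext.User and the
        // runtime copies it to Thread.CurrentPrincipal; here it is set by hand.
        Thread.CurrentPrincipal = new GenericPrincipal(new GenericIdentity("bob"), new[] { "user" });
        UserDetail bob = service.GetUserDetail(1);                     // allowed: authenticated
        try { service.SaveUser(bob); }                                 // denied: not an administrator
        catch (SecurityException e) { Console.WriteLine("denied: " + e.Message); }
        Thread.CurrentPrincipal = new GenericPrincipal(new GenericIdentity("alice"), new[] { "administrator" });
        service.SaveUser(bob);                                         // allowed
    }
}
```

Because the demand reads Thread.CurrentPrincipal, the same service class behaves identically whether the principal was established by ASP.NET forms authentication, Windows authentication or a future non-web front end, which is the point of putting the check below the UI.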

