Re: Custom Compile Time Attributes?

Tech-Archive recommends: Repair Windows Errors & Optimize Windows Performance

In fact, my plan is to throw an exception from the call to Authorize(). In
the code outline of my original post, I was just trying to make it clear
that the "inner" code of the method would not be run if the Authorize() call
failed (or literally in that case returned false).

My primary concern was not so much the logic of my authorization rules, but
instead how I declare the authorization rules in my code. Given the
following method:

public Customer GetCustomer( String Id )
{
... logic that gets an instance of Customer
}

To me, authorization rules don't necessarily have anything to do with the
logic of getting an instance of Customer, and therefore a method that looks
like:

public Customer GetCustomer( String Id )
{
if( Principal.Authorize( "GetCustomerAuthorizationRule" ) )
{
... logic that gets an instance of Customer
}
}

Now has two purposes instead of just one ... authorization and Customer
object logic. In short, it's a bit less elegant than:

[AuthorizationRule( "GetCustomerAuthorizationRule" )]
public Customer GetCustomer( String Id )
{
... logic that gets an instance of Customer
}


<sarin.rajendran@xxxxxxxxx> wrote in message
news:1131512915.773118.308140@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
> Wouldn't it be more appropriate to throw a NotAuthorized Exception from
> your AuthorizationRule class instead? - so that if the required
> authorization rules are not met then the code that requires
> authorization will not be executed (since the AuthorizationRule
> Attribute class will be instantiated before the method is executed).
>
> If you still need to continue further processing, then you should
> probably catch the NotAuthorized Exception in the method calling
> MethodRequiringAuthorization()
>
> Regards,
> Sarin.
>


.

Relevant Pages

  • Re: General Question On Handling of Function results.
    ... It just returns a Boolean value. ... database to get the authorization, but the database was not available, that ... > exception is not really correct in my opinion. ... >> Public Function IsAuthorised (userID as String, ...
    (microsoft.public.dotnet.languages.vb)
  • Re: General Question On Handling of Function results.
    ... > call to the database to get the authorization, ... > parameters for ErrorNumber and ErrorMessage nor should you create a custom ... >> exception is not really correct in my opinion. ... >>> happen during the IsAuthorised function, ...
    (microsoft.public.dotnet.languages.vb)
  • Re: General Question On Handling of Function results.
    ... > is "Yes", then use an Exception. ... use an enum or a custom structure. ... >>> call to the database to get the authorization, ... >>> ErrorMessage to the calling procedure. ...
    (microsoft.public.dotnet.languages.vb)
  • Re: Cannot set specific authorization to a folder
    ... My understanding of the authorization rules is that the ... I have a local group called ITCoordinators that I want to give access to ... I am logged in as a domain user that is directly added in the local group ...
    (microsoft.public.dotnet.framework.aspnet.security)
  • Re: General Question On Handling of Function results.
    ... > There are various reasons why someone may not be authorised to perform an ... is "Yes", then use an Exception. ... >> call to the database to get the authorization, ... >> custom Structure (containing IsAuthorized, ErrorNumber, and ErrorMessage ...
    (microsoft.public.dotnet.languages.vb)