Security - Authorization Implementation

Sep 6, 2014 at 4:52 AM
Hi Guys,
I am seeking your advice on implementing a user authorization check in this LASG architecture. For example, if I implement ASP.NET Identity with claim authorization, then where should I implement the ClaimsPrincipalPermission?
Ex:
[ClaimsPrincipalPermission(SecurityAction.Demand,
                           Operation = "Apply",
                           Resource = "Leave")]
public Leave Apply(Leave leave)
{
}
Currently, I am planning to implement it at LeaveSample.UI.Process LeaveController, but I think the best place is the service layer. Please kindly advise.
Thank you.
Coordinator
Sep 17, 2014 at 1:09 AM
Hi,

I'm not familiar with the requirements of ASP.NET Identity, but if it is versatile enough, it should fit properly into the Framework block of layering. Therefore, your thought of having it at the service layer is correct, because Authentication and Authorization should be independent of any UI platforms.

Hugs,
Serena
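
Added example, not part of the original thread and not LASG's own code: a sketch of the service-layer placement discussed above, with the demand on the service method and the decision in a ClaimsAuthorizationManager. The names LeaveAuthorizationManager and LeaveService, the stand-in Leave class, the "permission" claim type and the "Resource:Operation" value format are all assumptions made for illustration.

```csharp
using System.Linq;
using System.Security.Claims;
using System.Security.Permissions;
using System.IdentityModel.Services; // ClaimsPrincipalPermission

// Stand-in for the sample's Leave entity (assumption for this example).
public class Leave { public string Employee { get; set; } }

// Hypothetical policy class: the one place that decides who may do what.
public class LeaveAuthorizationManager : ClaimsAuthorizationManager
{
    // Assumed claim type; the "Resource:Operation" value format is also an assumption.
    public const string PermissionClaimType = "permission";

    public override bool CheckAccess(AuthorizationContext context)
    {
        // Deny by default: unauthenticated callers and malformed demands fail.
        if (context.Principal == null || context.Principal.Identity == null
            || !context.Principal.Identity.IsAuthenticated)
            return false;
        Claim resource = context.Resource.FirstOrDefault();
        Claim action = context.Action.FirstOrDefault();
        if (resource == null || action == null)
            return false;

        // The attribute's Resource/Operation strings arrive here as claim values.
        string required = resource.Value + ":" + action.Value;
        return context.Principal.HasClaim(PermissionClaimType, required);
    }
}

// Hypothetical service-layer class: every caller, whatever the UI, passes this demand.
public class LeaveService
{
    // Throws System.Security.SecurityException when CheckAccess returns false.
    [ClaimsPrincipalPermission(SecurityAction.Demand,
                               Operation = "Apply",
                               Resource = "Leave")]
    public Leave Apply(Leave leave)
    {
        // Business logic runs only after the demand has succeeded.
        return leave;
    }
}
```

The manager has to be registered under system.identityModel / identityConfiguration / claimsAuthorizationManager in the host's configuration; without that, the base ClaimsAuthorizationManager is used and its CheckAccess always returns true. The demand evaluates Thread.CurrentPrincipal, so whichever host calls the service layer must set that principal before the call.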