authorization - Achieving property value assignment control using a generic approach for POCO or plain C# entity classes -

-

i working on .net application & trying achieve following in c#.

let's assume have entity employee class below few public auto implemented properties. assume have created attribute - beforepropertyset & have annotated of entity properties - in class below.

class employee {     [beforepropertyset("some delegate", "some other prop value")]     public string address { get; set; }      public string name { get; set; }      public int age { get; set; } }

what want can explained of code snippet - 

var e = new employee(); e.address = "confidential data";   //this assignment restricted user x //whereas allowed user y e.name = "general data";

whenever assign value property, if property annotated special attribute beforepropertyset callback common function standard thing across application. example, if currentuser not expected view value being assigned new value assignment can cancelled.

this approach enables me remove attribute or add new entities easily.

i found this approach can allow me invoke function few changes of invocation in inherited class, auto-generated inherited class & instance needs explicitly created approach.

have tried this? please let me know know how can achieve or please point other resources may know. appreciate help. many thanks.

thanks gave probable answers. posting here sake of completeness. here why & how changed path & still achieved business goal in application.

after discussion team attribute based approach cancelled. main reason have ability change data protection policy dynamically without revisiting code. in mind, ended doing following.

1) defined metadata inside xml & cached it. 2) model conversion/creation - assignments happen in 1 single class per model. 3) added 1 helper method checks in xml if current user has access protected data based on xml config & assigns appropriate value.

xml looks - 

 <modeltag name="somemodelname">     <property defaultreturnvalue="0" roles="userrole1, userrole2">propertyname1</property>   </modeltag>

and new c# code looks - 

employee e  = new employee(); e.propertyname1 = (checkaccess(e,"propertyname1") ? "new value2" : null); e.propertyname2 = (checkaccess(e,"propertyname1") ? "new value2" : null);   bool checkaccess(model m, string propname) {     var currentrole = getcurrentrole();  //some method retrive role of current user     //retrieve xml model m cache     //check if xml configuration provides access values of propname currentrole     //return true or false accordingly }

i hope someone.


Comments

Post a Comment

Popular posts from this blog

c++ - No viable overloaded operator for references a map -

-
i trying use map can make tag names reference number. when try , use it, in code error (6 in total every time reference map): src/main.cpp:25:45: error: no viable overloaded operator[] type 'std::map<std::string, std::string>' const char* idcs = node.child_value(tagmap[3]); this code: #include "pugi/pugixml.hpp" #include <iostream> #include <string> #include <map> int main() { pugi::xml_document doca, docb; std::map<std::string, pugi::xml_node> mapa, mapb; std::map<std::string, std::string> tagmap {{"1", "data"}, {"2", "entry"}, {"3", "id"}, {"4", "content"}}; if (!doca.load_file("a.xml") || !docb.load_file("b.xml")) { std::cout << "can't find input files"; return 1; } (auto& node: doca.child(tagmap[1]).children(tagmap[2])) { co
Read more

java - Custom OutputStreamAppender not run: LOGBACK: No context given for <MYAPPENDER> -

-
i wish write custom appender on basis of outputstreamappender . wrote following class package tests; import java.io.ioexception; import java.io.outputstream; import ch.qos.logback.core.outputstreamappender; public class myappender<e> extends outputstreamappender<e> { public myappender() { system.out.println("myappender created"); setoutputstream(new outputstream() { @override public void write(int b) throws ioexception { throw new unsupportedoperationexception(); } }); } } then wrote following runner: package tests; import org.slf4j.loggerfactory; import ch.qos.logback.classic.logger; public class runner { private static final logger log = (logger) loggerfactory.getlogger(runner.class); public static void main(string[] args) { //log.addappender(new myappender<iloggingevent>()); log.info("hello world"); } } finall
Read more

java - Cannot secure connection using TLS -

-
i'm trying establish secure socket connection between java client applet (built jdk 1.7.0_75-b13) , vc++ server application. as test vehicle, used vc++ client/server sample found in msdn forums, modified use schannel , able establish socket using cipher suite tls_rsa_with_aes_128_cbc_sha. works of tls 1.0/1.1/1.2. when try opening socket java applet same server application, connection rejected server reporting following: tls 1.0 acceptsecuritycontext failed: 0x80090327 tls 1.1 acceptsecuritycontext failed: 0x80090331 tls 1.2 acceptsecuritycontext failed: 0x80090331 this java code used create socket: debugprint("setting secure connection"); sslsocketfactory sslsocketfactory = (sslsocketfactory) sslsocketfactory.getdefault(); sslsocket sslsocket = (sslsocket) sslsocketfactory.createsocket("127.0.0.1", socketnumber); debugprint("starting handshake"); sslsocket.settcpnodelay(true); sslsocket.setsolinger(false, 0); sslsocket.s
Read more