Reputation: 27937
Business Logic Security in Web Applications
Some weeks ago I've asked a question regarding best practice on how to secure a Business Layer.
In the meantime I have something based on PrincipalPermission and some custom code for specifics checks. But I'm still not really happy about that solution and struggling how to make it better.
What I'm still trying to achieve:
- Ensure that every method call is denied by default if nothing is declared on it
- Inheritance: Define basic permissions on a base class that get inherited
- Something that is easy to use for specific checks
I don't want to use OAP because it work on generic classes and has some limitations as well.
Additional question: Is there some kind of Security Framework that can be implemented withing applications?
I'm working with ASP.NET / MVC and targeting .net 4.0
Upvotes: 1
Views: 675
Answers (1)
Reputation: 54178
.Net Framework does not contain anything aside from System.Security.Principal.
There are some helpful suggestions, including ASP.Net membership, or roll-your-own solutions with example code, on this earlier related question.
Upvotes: 1
Related Questions
- ASP.NET security
- Business Logic Layer
- Business layer in an asp.net application
- ASP.NET Business Logic Layer
- Security in asp.net
- Security implemention in asp.net
- web store security
- Protecting business logic in webservices
- ASP.Net security using Operations Based Security
- what are strategies for shielding off web resources based on business logic