Andrea
Reputation: 803
Authorization and Authentication in DDD (c#)
I am going to deal with architecture with regard to authentication and authorization.
I'd like to know if someone wants to share its experience gained in the field of DDD.
Same questions... are both crosscutting issues? we need Ioc to manage them? what about WIF?
Thanks to share!
Upvotes: 3
Views: 2942
Answers (1)
Josh Kodroff
Reputation: 28131
In my experience, authentication and authorization work best at the controller level (if you're doing an MVC web app). You don't want these things polluting your domain objects/services/command handlers/whatever, much less the tests for these things.
In short, I consider authentication and authorization a querying-type issue so do stuff like this (example is C#/ASP.NET MVC):
[HttpPost]
public void SomeRestrictedAction(SomeViewModel model) {
if (!User.IsInRole("SomeRole"))
throw new SecurityException("I don't think so, dude!");
// perform business logic
}
Upvotes: 1
Related Questions
- How do you weave Authentication, Roles and Security into your DDD?
- Which layer should be used for user authentication
- Access Control in Domain Driven Design
- Handle Authorization and Authentication in DDD
- DDD - Implementing authorization invariants
- Authentication and User Tasks
- Authorization in multi layered architecture.
- DDD Authentication Service
- Authorization & User info in a Service Layer (.NET application)
- Where can I find information on Authentication and Authorization in the context of Domain Driven Design?