1

Topic: Authorisation filters with non-declarative logic

In Web API there are authorisation filters where it is possible to check roles or …. They have existed for a long time and work, but what to do in a case where declarative rules are impossible, for example the methods

public GetProducts()
public UpdateProduct(int productID)

How to check in the filter that the current user has the right to update a certain product (say, he can update the product with id = 123 and can only read the others), or can only read products with id > 123? All these rules require access to a DB to check. Traditionally this is done directly in the method, i.e. something like

if (AccessAllowed(productID, userID)) ...

or

select * from Products join UserProducts ...

is added. It would be desirable to separate security logic from business logic. Has anyone managed to do this?

2

Re: Authorisation filters with non-declarative logic

Hello, Stalker., you wrote:

S> In Web API there are authorisation filters where it is possible to check roles or …. They have existed for a long time and work, but what to do in a case where declarative rules are impossible, for example the methods
S>
S> public GetProducts()
S> public UpdateProduct(int productID)
S>
S> How to check in the filter that the current user has the right to update a certain product (say, he can update the product with id = 123 and can only read the others), or can only read products with id > 123? All these rules require access to a DB to check. Traditionally this is done directly in the method, i.e. something like
S>
S> if (AccessAllowed(productID, userID)) ...
S>
S> or
S>
S> select * from Products join UserProducts ...
S>
S> is added. It would be desirable to separate security logic from business logic. Has anyone managed to do this?

I had a project (not Web API) where there were classes responsible for authentication and authorization. Everything went through them. So it is possible to separate them, and in certain cases it is even useful. And what makes it impossible to write such a filter in Web API?

3

Re: Authorisation filters with non-declarative logic

Hello, Qulac, you wrote:

Q> I had a project (not Web API) where there were classes responsible for authentication and authorization. Everything went through them. So it is possible to separate them, and in certain cases it is even useful. And what makes it impossible to write such a filter in Web API?

It is possible, but maybe there are some recommended patterns. Take the example of a method that may read only items with id > 100. It is possible to read everything and then filter out all the superfluous values in the filter. But somehow it will look strange: a lot of superfluous code out of nowhere, not to mention performance.

4

Re: Authorisation filters with non-declarative logic

Hello, Stalker., you wrote:

S> Hello, Qulac, you wrote:
Q>> I had a project (not Web API) where there were classes responsible for authentication and authorization. Everything went through them. So it is possible to separate them, and in certain cases it is even useful. And what makes it impossible to write such a filter in Web API?
S> It is possible, but maybe there are some recommended patterns. Take the example of a method that may read only items with id > 100. It is possible to read everything and then filter out all the superfluous values in the filter. But somehow it will look strange: a lot of superfluous code out of nowhere, not to mention performance.

It is not so clear what you want. Returning different data to different users is one thing, and access protection is another.

5

Re: Authorisation filters with non-declarative logic

Hello, Qulac, you wrote:

Q> It is not so clear what you want. Returning different data to different users is one thing, and access protection is another.

Returning different data to different users is access protection. Only it is not declarative, i.e. it depends on settings. There are goods, and different users have different access levels to them for reading/changing. This is quite definitely access logic, and the question is how to separate it effectively from business logic. If it is pushed into the business logic (which is what normally happens), this code starts spreading through the whole system.

6

Re: Authorisation filters with non-declarative logic

Hello, Stalker., you wrote:

S> Hello, Qulac, you wrote:
Q>> It is not so clear what you want. Returning different data to different users is one thing, and access protection is another.
S> Returning different data to different users is access protection.

Debatable. It still does not guarantee that the user cannot change an object with "read-only" access, i.e. checks will still have to be done anyway. To me it is closer to business logic.

Q>> Only it is not declarative, i.e. it depends on settings. There are goods, and different users have
Q>> different access levels to them for reading/changing. This is quite definitely access logic, and the question is how
Q>> to separate it effectively from business logic.
Q>> If it is pushed into the business logic (which is what normally happens), this code starts spreading
Q>> through the whole system.

Probably that is the better way to do it after all: objects with different functionality (read or write) are not returned to the user just like that, but within the limits of some business logic, so it will be reflected there accordingly.

7

Re: Authorisation filters with non-declarative logic

Hello, Qulac, you wrote:

Q> Probably that is the better way to do it after all: objects with different functionality (read or write) are not returned to the user just like that, but within the limits of some business logic, so it will be reflected there accordingly.

There are examples of taking such logic outside the business logic, for example https://docs.microsoft.com/en-us/aspnet … ed-handler
But I have not yet found a more complex approach.
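As an added illustration (not code from this thread or from the linked Microsoft page), here is how the two rules from the first post map onto an ASP.NET Core resource-based authorization handler: the per-product update check is moved out of the action into a handler that consults the UserProducts data, while the read rule is pushed into the query rather than filtering after loading everything. The Product type, IProductAccessRepository and its two methods are assumed names.

```csharp
using System.Linq;
using System.Security.Claims;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Authorization.Infrastructure;
using Microsoft.AspNetCore.Mvc;

public record Product(int Id, string Name);   // assumed domain type
public interface IProductAccessRepository     // assumed data-access abstraction
{
    // Consults the UserProducts join from the first post: may this user update this product?
    Task<bool> CanUpdateAsync(string userId, int productId);
    // Yields only the products the user may read; the predicate (e.g. Id > 123) runs in the DB.
    IQueryable<Product> ReadableProducts(string userId);
}
// Resource-based handler: the per-product update rule lives here, not in the action method.
public class ProductUpdateHandler : AuthorizationHandler<OperationAuthorizationRequirement, Product>
{
    public static readonly OperationAuthorizationRequirement Update = new() { Name = "Update" };
    private readonly IProductAccessRepository _access;
    public ProductUpdateHandler(IProductAccessRepository access) => _access = access;
    protected override async Task HandleRequirementAsync(AuthorizationHandlerContext context,
        OperationAuthorizationRequirement requirement, Product product)
    {
        var userId = context.User.FindFirstValue(ClaimTypes.NameIdentifier);
        if (requirement.Name == Update.Name && userId != null
            && await _access.CanUpdateAsync(userId, product.Id))
            context.Succeed(requirement);
        // Otherwise the requirement stays unmet and the caller is refused.
    }
}

[ApiController, Route("api/products")]
public class ProductsController : ControllerBase
{
    private readonly IAuthorizationService _authz;
    private readonly IProductAccessRepository _access;
    public ProductsController(IAuthorizationService authz, IProductAccessRepository access)
        => (_authz, _access) = (authz, access);
    [HttpGet]   // read rule: applied inside the query, not by filtering after loading everything
    public IActionResult GetProducts()
        => Ok(_access.ReadableProducts(User.FindFirstValue(ClaimTypes.NameIdentifier)).ToList());
    [HttpPut("{productId:int}")]
    public async Task<IActionResult> UpdateProduct(int productId, Product updated)
    {
        var result = await _authz.AuthorizeAsync(User, updated with { Id = productId }, ProductUpdateHandler.Update);
        if (!result.Succeeded) return Forbid();
        // Business logic below stays free of access checks.
        return NoContent();
    }
}
```

Register the handler with `services.AddScoped<IAuthorizationHandler, ProductUpdateHandler>()` (scoped, because it depends on a per-request repository).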