Being serious about the command table pattern – and adding security to it

Reading Paul’s article Being serious about the Command Table Pattern definitely helped me with a tricky problem I had to solve for a customer. However, once you make heavy use of the pattern you will notice that fewer of the built-in security features apply to it. For example, if you want only selected users to be able to read a specific “Verb” or command from that table, you cannot just use the “CanRead” method on the table, because it decides for the table as a whole; you have to perform these checks in the respective method of that “Query”.
In addition, even if you do these checks, the whole table itself is still readable by any user. The only solution I could come up with is to check the role in the “Query_Executing” method and throw an exception if the role does not match:

// Goes in the server-side data service partial class (e.g. ApplicationDataService).
partial void Query_Executing(QueryExecutingDescriptor queryDescriptor)
{
  // Only gate queries against the command table; every other query runs unchanged.
  if (queryDescriptor.Name.Equals("CommandTable", StringComparison.InvariantCultureIgnoreCase))
  {
    // A user outside the admin role is refused before the query executes.
    if (!this.Application.User.IsInRole("UberAdmin"))
    {
      throw new UnauthorizedAccessException();
    }
  }
}
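As an added example (not code from the original post or from Paul’s article), here is how the two checks fit together in a LightSwitch server data service: the Query_Executing gate from above keeps the table itself readable only by administrators, while the per-verb authorization goes into the entity set's _Inserting method, because in this pattern a command is executed by inserting a row and Query_Executing never sees inserts. The entity set name CommandTables, the entity CommandTable with its Verb property, the verb names and the role names are assumptions; the partial-method naming (CommandTables_Inserting, Query_Executing) and the User.IsInRole call are LightSwitch's own.

```csharp
// Added example (not from the original post): a LightSwitch server-side data
// service that combines the post's Query_Executing gate with a per-verb role
// check on insert. The entity set "CommandTables", the entity "CommandTable",
// its "Verb" property, the verb names and all role names are assumptions.
using System;
using System.Collections.Generic;
using Microsoft.LightSwitch;
using Microsoft.LightSwitch.Security.Server;

namespace LightSwitchApplication
{
    public partial class ApplicationDataService
    {
        // Which role may execute which verb. Verbs that are not listed are
        // refused, so an unknown or misspelled verb fails closed.
        private static readonly Dictionary<string, string> VerbRoles =
            new Dictionary<string, string>(StringComparer.OrdinalIgnoreCase)
            {
                { "RecalculateTotals", "UberAdmin" },
                { "CloseMonth",        "Accounting" },
                { "ExportReport",      "Reporting" },
            };

        // Reading the command table (including the history of executed verbs)
        // stays limited to administrators. LightSwitch names the built-in
        // queries after the entity set (CommandTables_All,
        // CommandTables_SingleOrDefault), so a prefix check covers both.
        partial void Query_Executing(QueryExecutingDescriptor queryDescriptor)
        {
            if (queryDescriptor.Name.StartsWith("CommandTables", StringComparison.OrdinalIgnoreCase)
                && !this.Application.User.IsInRole("UberAdmin"))
            {
                throw new UnauthorizedAccessException(
                    "Only administrators may read the command table.");
            }
        }

        // A command is executed by inserting a row, so the per-verb check has
        // to live here: Query_Executing never sees an insert.
        partial void CommandTables_Inserting(CommandTable entity)
        {
            string requiredRole = RequiredRoleFor(entity.Verb);
            if (requiredRole == null || !this.Application.User.IsInRole(requiredRole))
            {
                throw new UnauthorizedAccessException(
                    "User '" + this.Application.User.Name + "' may not execute verb '" + entity.Verb + "'.");
            }

            // Authorized: dispatch the verb to its handler.
            ExecuteVerb(entity);
        }

        // Returns the role a verb requires, or null when the verb is unknown.
        internal static string RequiredRoleFor(string verb)
        {
            string role;
            if (string.IsNullOrWhiteSpace(verb) || !VerbRoles.TryGetValue(verb.Trim(), out role))
            {
                return null;
            }
            return role;
        }

        // Hypothetical dispatch point; the individual verb handlers are not part
        // of this example.
        private void ExecuteVerb(CommandTable entity)
        {
            switch (entity.Verb.Trim().ToLowerInvariant())
            {
                case "recalculatetotals":
                case "closemonth":
                case "exportreport":
                    // Call the matching server-side routine here.
                    break;
                default:
                    throw new InvalidOperationException("No handler for verb " + entity.Verb);
            }
        }
    }
}
```

Because the lookup lives in one table, adding a verb means adding one line to VerbRoles rather than touching the CanRead logic, and a verb that is missing from the map is refused rather than silently allowed.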
