I have been looking at BreezeJS and I want to try it but I searched a lot and still cannot understand how security is handled while using Breeze. Here is what I know:
According to a post on the IdeaBlade forums (creators of BreezeJS), we only need a single API controller for all of our entities. The API controller will contain one Metadata method, one Get method for each entity, one Save method, and one Delete method. This way we only need one EntityManager on the client side, configured with one service endpoint.
My questions:
Is my understanding of "single controller for all entities" correct?
If my understanding is correct, then how can we apply security on our controller? If I want a user with a certain role to access only certain entities, I obviously cannot put an Authorize filter on my controller or method. Maybe I want a certain user to have read-only access while other users have read-write access on a certain entity. Maybe I only want to return aggregated data to a user while restricting access to the full details.
Please help. Thanks.
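One way to layer the checks the question asks about onto a single Breeze Web API controller, as an added example that is not from the question, the IdeaBlade forum or Breeze's own samples. The EF model (AppContext, Customer, Order), the role names and the "customer_id" claim are assumptions.

```csharp
using System;
using System.Linq;
using System.Security.Claims;
using System.Web.Http;
using Breeze.ContextProvider;
using Breeze.ContextProvider.EF6;
using Breeze.WebApi2;
using Newtonsoft.Json.Linq;

// Assumed (hypothetical) EF model: AppContext with DbSet<Customer> and DbSet<Order>;
// Order has CustomerId and Total. Role names and the "customer_id" claim are assumptions.
[BreezeController]
[Authorize]   // every action on the single controller requires an authenticated user
public class AppController : ApiController
{
    readonly EFContextProvider<AppContext> _cp = new EFContextProvider<AppContext>();
    // Breeze calls the delegate for each entity in the save bundle before persisting it.
    public AppController() { _cp.BeforeSaveEntityDelegate = BeforeSaveEntity; }

    [HttpGet]
    public string Metadata() { return _cp.Metadata(); }

    // Entity-level rule: only managers may read customers at all.
    [HttpGet, Authorize(Roles = "Manager")]
    public IQueryable<Customer> Customers() { return _cp.Context.Customers; }

    // Row-level rule: the server narrows the set before the client's OData
    // filter is applied, so the client can only narrow it further, never widen it.
    [HttpGet]
    public IQueryable<Order> Orders()
    {
        if (User.IsInRole("Manager")) return _cp.Context.Orders;
        var id = int.Parse(((ClaimsPrincipal)User).FindFirst("customer_id").Value);
        return _cp.Context.Orders.Where(o => o.CustomerId == id);
    }

    // Aggregate-only rule: analysts get per-customer totals, never the order rows.
    [HttpGet, Authorize(Roles = "Analyst")]
    public IQueryable<object> OrderTotals()
    {
        return _cp.Context.Orders.GroupBy(o => o.CustomerId)
            .Select(g => new { CustomerId = g.Key, Total = g.Sum(o => o.Total) });
    }

    [HttpPost]
    public SaveResult SaveChanges(JObject saveBundle) { return _cp.SaveChanges(saveBundle); }

    // Write rule: a read-only user's save is rejected as a whole; throwing aborts it.
    bool BeforeSaveEntity(EntityInfo info)
    {
        if (User.IsInRole("ReadOnly")) throw new InvalidOperationException("read-only user");
        return true;
    }
}
```

Because Breeze applies the client's query options on top of whatever IQueryable the action returns, the server-side Where is the enforcement point; a client cannot request rows the action never exposed.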