3

I am going to deal with architecture with regard to authentication and authorization.

I'd like to know if someone wants to share its experience gained in the field of DDD.

Same questions... are both crosscutting issues? we need Ioc to manage them? what about WIF?

Thanks to share!

MarnixKlooster ReinstateMonica
  • 9,640
  • 14
  • 54
  • 108
Andrea
  • 803
  • 1
  • 12
  • 27
  • I assume by DDD you mean Domain-Driven Design? What exactly do you want to know? Are you talking about browser based or web services? WS-Federation or SAML? Is there a specific scenario? – rbrayb Oct 04 '11 at 18:57
  • Yes. Domain-Driven Design. Web Services Scenario. Claim based authentication. Authorization rules. Cross-cutting concerns. I need to understand how to fit in DDD architecture... thanks. – Andrea Oct 04 '11 at 21:00
  • 1
    Possibly relevant info here http://stackoverflow.com/questions/6867194/how-do-integrate-users-in-my-ddd-model-with-authenticating-users – Greg Woods Jul 19 '12 at 15:37

1 Answers1

1

In my experience, authentication and authorization work best at the controller level (if you're doing an MVC web app). You don't want these things polluting your domain objects/services/command handlers/whatever, much less the tests for these things.

In short, I consider authentication and authorization a querying-type issue so do stuff like this (example is C#/ASP.NET MVC):

[HttpPost]
public void SomeRestrictedAction(SomeViewModel model) {
    if (!User.IsInRole("SomeRole"))
        throw new SecurityException("I don't think so, dude!");

    // perform business logic
}
Josh Kodroff
  • 27,301
  • 27
  • 95
  • 148