AOP with PostSharp: Listing 3.

A practical business scenario for advanced role-based security.

Public Class UserSecurity
  Public Shared Users As List(Of UserSecurityInfo)
  Public Shared Sub PopulateUserSecurity()
    Users = New List(Of UserSecurityInfo)
    Users.Add(New UserSecurityInfo With {.UserName = "Tom.Talker", _
      .BusinessUnit = "Sales"})
    Users.Add(New UserSecurityInfo With {.UserName = "Allan.Accountant", _ 
      .BusinessUnit = "Accounting"})
  End Sub
End Class

Public Class UserSecurityInfo
  Public Property UserName As String
  Public Property BusinessUnit As String
End Class

Public Class BusinessLayer
   <AOPSecurity.ValidateBusinessUnit() >
  Public Shared Sub CreateRequisiton(BusinessUnit As String)
    'This method executes only if the current user has the specified business unit
  End Sub
End Class

 <Serializable() >
Public Class AOPSecurity

   <Serializable() >
  Public Class ValidateBusinessUnitAttribute
    Inherits PostSharp.Aspects.OnMethodBoundaryAspect
    Public Overrides Sub OnEntry(args As PostSharp.Aspects.MethodExecutionArgs)
      'Get current running user
      If My.User.IsAuthenticated = False Then
        Throw New Security.SecurityException("Unauthenticated User")
        Dim UserName = My.User.CurrentPrincipal.Identity.Name
        Dim UserSecuritySettings = _
          UserSecurity.Users.FirstOrDefault(Function(x) x.UserName = UserName)
        If IsNothing(UserSecuritySettings) = False Then
          'Validate the user's business unit to the one passed in the method
          If args.Method.IsConstructor = False Then
            Dim thisMethod As System.Reflection.MethodInfo = CType(args.Method, _
            Dim BUparam = 
              thisMethod.GetParameters().First(Function(x) x.Name = "BusinessUnit")
            If IsNothing(BUparam) = False Then
              Dim BUparameter As String = args.Arguments.GetArgument(BUparam.Position)
              If BUparameter  < > UserSecuritySettings.BusinessUnit Then
                Dim ErrorMsg = 
                  "User: {0} is not authorized to requisition for business unit: {1}"
                Throw New Security.SecurityException( _
                  String.Format(ErrorMsg, UserName, BUparameter))
              End If
            End If
          End If
          Throw New Security.SecurityException( _
            String.Format("User {0} Not Found in Users Security Table", UserName))
        End If
      End If
    End Sub

    Public Overrides Sub RuntimeInitialize(method As System.Reflection.MethodBase)
      If IsNothing(UserSecurity.Users) Then
      End If
    End Sub
  End Class
End Class

About the Author

Joe Kunk is a Microsoft MVP in Visual Basic, three-time president of the Greater Lansing User Group for .NET, and developer for Dart Container Corporation of Mason, Michigan. He's been developing software for over 30 years and has worked in the education, government, financial and manufacturing industries. Kunk's co-authored the book "Professional DevExpress ASP.NET Controls" (Wrox Programmer to Programmer, 2009). He can be reached via email at [email protected].

comments powered by Disqus


  • Customize Your Own Audio Test Cues in Visual Studio 2019 v16.9 Preview 3

    Yes, developers can be alerted to a failed test with a fart sound.

  • Progress Touts New Third-Party Blazor UI Components

    Third-party dev tool specialist Progress announced an update to its .NET-centric offerings, touting new controls for Blazor, Microsoft's red-hot project for creating web apps with C#.

  • Entity Framework Core 6: What Developers Want

    Microsoft outlined its plan for Entity Framework Core 6, which in November will take its place as the data access component of the landmark .NET 6, a long-term support (LTS) release that will mark Microsoft's transition from the Windows-only .NET Framework to an open source, cross-platform umbrella offering of all things .NET.

  • AWS Open Sources .NET Porting Assistant GUI

    After previously open sourcing components of its Porting Assistant for .NET, Amazon Web Services open sourced the tool's GUI.

Upcoming Events