AOP with PostSharp: Listing 3.
A practical business scenario for advanced role-based security.
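''' <summary>
''' In-memory table that maps a user name to the single business unit the user
''' may act for. ValidateBusinessUnitAttribute reads this table on every call
''' to a method it decorates.
''' </summary>
Public Class UserSecurity

    ' The authorization table. It is a public, writable shared field, so any code
    ' in the process can replace the list or edit its entries.
    ' NOTE(review): outside a sample this should be loaded from a protected store
    ' and exposed read-only; changing the member's shape would break callers, so
    ' it is left as declared here.
    Public Shared Users As List(Of UserSecurityInfo)

    ''' <summary>
    ''' Loads the (hard-coded, sample) user-to-business-unit assignments into
    ''' <see cref="Users"/>.
    ''' </summary>
    Public Shared Sub PopulateUserSecurity()
        ' Build the complete table in a local first and publish it with a single
        ' assignment. Assigning the empty list to Users and then adding to it
        ' would let a concurrent caller see a table that is not Nothing but is
        ' still missing entries.
        Dim table As New List(Of UserSecurityInfo) From {
            New UserSecurityInfo With {.UserName = "Tom.Talker", .BusinessUnit = "Sales"},
            New UserSecurityInfo With {.UserName = "Allan.Accountant", .BusinessUnit = "Accounting"}
        }
        Users = table
    End Sub
End Class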
''' <summary>
''' One row of the user security table: a user name and the business unit that
''' user belongs to.
''' </summary>
Public Class UserSecurityInfo

    Private _userName As String
    Private _businessUnit As String

    ''' <summary>Name the user is looked up by.</summary>
    Public Property UserName As String
        Get
            Return _userName
        End Get
        Set(value As String)
            _userName = value
        End Set
    End Property

    ''' <summary>Business unit assigned to the user.</summary>
    Public Property BusinessUnit As String
        Get
            Return _businessUnit
        End Get
        Set(value As String)
            _businessUnit = value
        End Set
    End Property
End Class
''' <summary>
''' Sample business-layer entry points protected by the security aspect.
''' </summary>
Public Class BusinessLayer

    ''' <summary>
    ''' Creates a requisition for the given business unit. The body is an empty
    ''' placeholder in this listing.
    ''' </summary>
    ''' <param name="BusinessUnit">
    ''' Business unit the requisition is for. The aspect finds this argument by
    ''' its parameter name, so renaming the parameter changes what is checked.
    ''' </param>
    <AOPSecurity.ValidateBusinessUnit()>
    Public Shared Sub CreateRequisiton(BusinessUnit As String)
        ' Reached only when the aspect's OnEntry did not throw, i.e. the current
        ' user's business unit equals the BusinessUnit argument.
    End Sub
End Class
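''' <summary>
''' Container for the PostSharp security aspects used by the business layer.
''' </summary>
<Serializable()>
Public Class AOPSecurity

    ''' <summary>
    ''' Method-boundary aspect that lets a decorated method run only when the
    ''' current user is authenticated, is listed in <c>UserSecurity.Users</c>,
    ''' and the method's <c>BusinessUnit</c> argument equals the business unit
    ''' recorded for that user. Every failed check throws a
    ''' <c>SecurityException</c>, so the decorated body is never entered.
    ''' </summary>
    <Serializable()>
    Public Class ValidateBusinessUnitAttribute
        Inherits PostSharp.Aspects.OnMethodBoundaryAspect

        ' Guards the one-time load of the user table. Declared Shared so that it
        ' is not part of the aspect's serialized state.
        Private Shared ReadOnly InitLock As New Object()

        ''' <summary>
        ''' Authorization check performed on entry to the decorated method.
        ''' </summary>
        ''' <param name="args">Execution context supplied by PostSharp; provides
        ''' the target method and its argument values.</param>
        ''' <exception cref="System.Security.SecurityException">
        ''' The user is unauthenticated, is not in the user table, requested a
        ''' business unit other than their own, or the decorated method has no
        ''' parameter named BusinessUnit.
        ''' </exception>
        Public Overrides Sub OnEntry(args As PostSharp.Aspects.MethodExecutionArgs)
            If Not My.User.IsAuthenticated Then
                Throw New Security.SecurityException("Unauthenticated User")
            End If

            Dim UserName = My.User.CurrentPrincipal.Identity.Name

            ' NOTE(review): the name match uses VB's "=" operator, so its case
            ' sensitivity follows the project's Option Compare setting; confirm
            ' that this matches how identity names are issued.
            Dim UserSecuritySettings = _
                UserSecurity.Users.FirstOrDefault(Function(x) x.UserName = UserName)
            If UserSecuritySettings Is Nothing Then
                Throw New Security.SecurityException( _
                    String.Format("User {0} Not Found in Users Security Table", UserName))
            End If

            ' Constructors are not checked against a business unit: a known,
            ' authenticated user passes. Kept as in the original listing.
            If args.Method.IsConstructor Then
                Return
            End If

            ' FirstOrDefault instead of First: First throws InvalidOperationException
            ' when nothing matches, which made the Nothing test that followed it
            ' unreachable. A decorated method without a BusinessUnit parameter
            ' gives the aspect nothing to validate, so it is refused explicitly
            ' rather than allowed to run unchecked.
            Dim BUparam = _
                args.Method.GetParameters().FirstOrDefault(Function(x) x.Name = "BusinessUnit")
            If BUparam Is Nothing Then
                Throw New Security.SecurityException( _
                    String.Format("Method {0} has no BusinessUnit parameter to validate", _
                                  args.Method.Name))
            End If

            Dim BUparameter As String = CStr(args.Arguments.GetArgument(BUparam.Position))
            If BUparameter <> UserSecuritySettings.BusinessUnit Then
                Dim ErrorMsg =
                    "User: {0} is not authorized to requisition for business unit: {1}"
                Throw New Security.SecurityException( _
                    String.Format(ErrorMsg, UserName, BUparameter))
            End If
        End Sub

        ''' <summary>
        ''' Loads the user security table the first time an aspect instance is
        ''' initialized at run time.
        ''' </summary>
        ''' <param name="method">Method this aspect instance is applied to (unused).</param>
        Public Overrides Sub RuntimeInitialize(method As System.Reflection.MethodBase)
            ' Check and load under one lock so that two aspect instances being
            ' initialized on different threads cannot both populate the table,
            ' and the second one waits until the first has finished loading.
            SyncLock InitLock
                If UserSecurity.Users Is Nothing Then
                    UserSecurity.PopulateUserSecurity()
                End If
            End SyncLock
        End Sub
    End Class
End Class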
About the Author
Joe Kunk is a Microsoft MVP in Visual Basic, three-time president of the Greater Lansing User Group for .NET, and developer for Dart Container Corporation of Mason, Michigan. He's been developing software for over 30 years and has worked in the education, government, financial and manufacturing industries. Kunk co-authored the book "Professional DevExpress ASP.NET Controls" (Wrox Programmer to Programmer, 2009). He can be reached via email at [email protected].