I am designing a system based on SOA principles. For authentication, a traditional token approach will be used. But authorization needs to be taken to the point where buttons and labels are activated or deactivated inside the consumer app depending on the role of the user who is accessing the functionality.
The apps are being developed in WPF (Prism).
Is there a known and proven way of dealing with this?
Should we design our custom mechanism?
Thanks!
WPF Prism does not handle authorization (according to this). So you need to build a solution on your own.
I would suggest taking a look at claims-based authorization (Managing Claims and Authorization with the Identity Model can give you a high-level view). Examples of claims you can use are: "UserCanSaveCustomerSettings", "UserHasCustomerManagementPrivilege".
After you get claims configured for your application, you can use this information to enable/disable controls. I can suggest two options.
If you use the MVVM pattern, you can expose access information (for example, you can get it from ClaimsPrincipalPermission.CheckAccess) as properties of the ViewModel and bind these properties directly to controls. Something like
Or alternatively you can implement IValueConverter and again access the claims through ClaimsPrincipalPermission.CheckAccess or through ClaimsAuthorizationManager.CheckAccess directly.
Also, you might want to take into account that you should not base your security on just enabling/disabling controls. For example, in WPF there are many tools (Snoop for instance) that make it easy to enable/unhide/click any control. You might also want to check access rights in your application/service layer (you can use claims-based authorization there too; check ClaimsPrincipalPermissionAttribute).
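Both options from the answer above, as an added example that is not code from the original answer: a custom ClaimsAuthorizationManager that decides "resource:action" requests from a permission claim, a ViewModel property for direct binding, and an IValueConverter. The claim type "urn:example:permission" and the resource/action names ("CustomerSettings", "Save") are assumptions chosen for the example; it targets the .NET 4.5 System.Security.Claims types.

```csharp
using System;
using System.Globalization;
using System.Linq;
using System.Security.Claims;
using System.Windows;
using System.Windows.Data;

// Authorization manager: grants "resource:action" only when the principal carries a
// claim of the assumed type below whose value is exactly "resource:action".
public class PermissionClaimAuthorizationManager : ClaimsAuthorizationManager
{
    public const string PermissionClaimType = "urn:example:permission"; // assumed claim type
    public override bool CheckAccess(AuthorizationContext context)
    {
        string resource = context.Resource.FirstOrDefault()?.Value;
        string action = context.Action.FirstOrDefault()?.Value;
        if (resource == null || action == null) return false; // malformed request: deny
        return context.Principal.HasClaim(PermissionClaimType, resource + ":" + action);
    }
}

// Option 1: the ViewModel exposes access decisions as bindable properties,
// e.g. <Button Content="Save" IsEnabled="{Binding CanSaveCustomerSettings}" />
public class CustomerSettingsViewModel
{
    private readonly ClaimsAuthorizationManager _authz;
    private readonly ClaimsPrincipal _principal;
    public CustomerSettingsViewModel(ClaimsAuthorizationManager authz, ClaimsPrincipal principal)
    { _authz = authz; _principal = principal; }
    public bool CanSaveCustomerSettings =>
        _authz.CheckAccess(new AuthorizationContext(_principal, "CustomerSettings", "Save"));
}

// Option 2: a converter bound to the principal, e.g.
// Visibility="{Binding Principal, Converter={StaticResource AccessToVis}, ConverterParameter=CustomerSettings:Save}"
public class ClaimsToVisibilityConverter : IValueConverter
{
    public ClaimsAuthorizationManager AuthorizationManager { get; set; } = new PermissionClaimAuthorizationManager();
    public object Convert(object value, Type targetType, object parameter, CultureInfo culture)
    {
        var parts = (parameter as string)?.Split(':');
        if (!(value is ClaimsPrincipal principal) || parts == null || parts.Length != 2)
            return Visibility.Collapsed; // unexpected input: fail closed
        return AuthorizationManager.CheckAccess(new AuthorizationContext(principal, parts[0], parts[1]))
            ? Visibility.Visible : Visibility.Collapsed;
    }
    public object ConvertBack(object value, Type targetType, object parameter, CultureInfo culture) => throw new NotSupportedException();
}
```

The same manager can be invoked again in the service layer before the operation runs, so the UI state is only a convenience and the service-side check is what actually enforces the decision.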