Last post Nov 08, 2012 07:01 PM by CPrakash82
Nov 07, 2012 11:10 PM
I have a small intranet application that is used by at most 100 users, though it's used by multiple business units across the globe. What I need to do is set a default business unit for users based on their Active Directory group membership. We already authenticate via AD so that's not a problem. What is the best way to store the data once I get it from AD?
The application is 3 layers consisting of an MVC4 UI, a BO layer and obviously a DAL. I'm thinking that storing the Business Unit in session and then refactoring all my DAL/BO methods to accept a nullable int would be the best way to deal with it. Is there any way I can expose a global variable that will span all three layers without having to expose the UI/BO to the DAL?
(This is my first major 3 layer app, the developer prior to me left a bit of a mess, and I really want to follow best practice on this)
Nov 07, 2012 11:39 PM
"I'm thinking that storing the Business Unit in session and then refactoring all my DAL/BO methods to accept a nullable int would be the best way to deal with it."
Sounds good, but the only problem is the volatile nature of session. You might need to have initialization code in place if it gets removed from memory.
"Is there any way I can expose a global variable that will span all three layers without having to expose the UI/BO to the DAL?"
That is not a good idea; it will build lots of dependencies between the layers, and if you want to make a change in any of these you will have problems later on.
Nov 08, 2012 12:30 AM
This is identity information you're talking about so it should be treated as a security question.
If you're authenticating against AD then the AD groups are automatically populated into roles for the user. .NET then has a special global variable for the current user of any application, and this is the Thread.CurrentPrincipal variable. It has Identity.Name and IsInRole APIs. IsInRole should be able to tell you what role (or group) the user is in.
Your code could do checks like:
// requires: using System.Threading;
bool isInThatGroup = Thread.CurrentPrincipal.IsInRole("YourGroupName");
and from the result of this call you should be able to make policy or authorization decisions.
Nov 08, 2012 04:19 PM
Thanks for the replies guys.
Brock - The data or any of the data isn't critical between business units. It's only separated and worked on that way so that they don't have to wade through each other's data. Much more of a UI thing. They will still have the option to access all the data anyway if they desire.
Cprakash - What do you mean by initialization? I think in the public string I will have something like this.
run code to check group and reset session here
something like that?
Nov 08, 2012 07:01 PM
I was talking about code like this.
var mycontent = Session[sessionKey] as MyContentType;
if (mycontent == null)
{
    //...reinitialize the content
    Session[sessionKey] = mycontent = new MyContentType();
}
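Added example, not code from any poster in this thread: one way to combine the IsInRole check and the session reinitialization discussed above, so the default business unit is always derived from the authenticated principal and the session only caches it. The group names, unit ids, the `BusinessUnitDefaults` class and the dictionary standing in for the ASP.NET session are all assumptions made for illustration.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Principal;

static class BusinessUnitDefaults
{
    // Hypothetical mapping of AD group name to business unit id (constructed values).
    static readonly KeyValuePair<string, int>[] GroupToUnit =
    {
        new KeyValuePair<string, int>(@"CORP\BU-Europe", 1),
        new KeyValuePair<string, int>(@"CORP\BU-Americas", 2),
    };

    const string SessionKey = "DefaultBusinessUnit";

    // Derive the default from the authenticated principal only; null means "no default".
    public static int? FromPrincipal(IPrincipal user)
    {
        if (user == null || user.Identity == null || !user.Identity.IsAuthenticated)
            return null;
        foreach (var pair in GroupToUnit)
            if (user.IsInRole(pair.Key)) return pair.Value;   // first matching group wins
        return null;
    }

    // The session is only a cache: when the entry is missing, recompute and store it.
    public static int? Get(IDictionary<string, object> session, IPrincipal user)
    {
        object cached;
        if (session.TryGetValue(SessionKey, out cached)) return (int?)cached;
        int? unit = FromPrincipal(user);
        session[SessionKey] = unit;
        return unit;
    }
}

static class Program
{
    static void Main()
    {
        // Constructed sample user; in the application this would be Thread.CurrentPrincipal.
        var user = new GenericPrincipal(new GenericIdentity("alice"), new[] { @"CORP\BU-Americas" });
        var session = new Dictionary<string, object>();   // stand-in for the ASP.NET session

        Console.WriteLine(BusinessUnitDefaults.Get(session, user));   // computed from roles
        session.Clear();                                              // simulate a lost session
        Console.WriteLine(BusinessUnitDefaults.Get(session, user));   // recomputed, same value
    }
}
```

The BO and DAL layers receive only the resulting nullable int. A group membership change is picked up the next time the cached entry is rebuilt.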