With RIA services, you easily end up exposing quite a few service operations, many of which ought to imply business specific (contextual) security considerations.
Storing the current user in a session or similar, and figuring out who he/she represents on each query operation is all well and good; but is this the common / best way of going about things?
I'd very much appreciate some guidance on best practices here :-)
Yes the checking has to be done by something, so you might as well use the standard membership/role providers (or your own replacements).
You can attribute the RIA services methods with required roles (e.g. using [RequiresRole("RoleName")]), then the checks are not handled explicitly by you.
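As an added illustration (not code from the question or the answer above), here is how the two layers fit together in a WCF RIA Services domain service: the built-in [RequiresAuthentication] and [RequiresRole] attributes handle the declarative checks, and a custom AuthorizationAttribute handles the business-specific (contextual) case the question raises, namely that a user may only modify records they own. The Order entity, the "Manager" role name, the OrderDomainService class, the RequiresOwnership attribute and the in-memory OrderStore are all assumptions made for this example.

```csharp
using System;
using System.Collections.Generic;
using System.ComponentModel.DataAnnotations;
using System.Linq;
using System.Security.Principal;
using System.ServiceModel.DomainServices.Hosting;
using System.ServiceModel.DomainServices.Server;

// Hypothetical entity used for illustration only.
public class Order
{
    [Key]
    public int Id { get; set; }
    public string OwnerUserName { get; set; }
    public decimal Total { get; set; }
}

// Constructed in-memory store standing in for a database (assumption, not a RIA Services type).
public static class OrderStore
{
    public static readonly List<Order> Orders = new List<Order>
    {
        new Order { Id = 1, OwnerUserName = "alice", Total = 120m },
        new Order { Id = 2, OwnerUserName = "bob",   Total = 45m  },
    };
}

// Contextual check: the caller may only submit changes to orders they own, unless they
// hold the Manager role. AuthorizationContext.Instance is the entity being submitted
// (it is null for query operations, so this attribute is meant for update/delete methods).
public sealed class RequiresOwnershipAttribute : AuthorizationAttribute
{
    protected override AuthorizationResult IsAuthorized(IPrincipal principal, AuthorizationContext authorizationContext)
    {
        if (principal.IsInRole("Manager"))
            return AuthorizationResult.Allowed;

        var order = authorizationContext.Instance as Order;
        if (order != null &&
            string.Equals(order.OwnerUserName, principal.Identity.Name, StringComparison.OrdinalIgnoreCase))
            return AuthorizationResult.Allowed;

        // Returning a non-Allowed result makes RIA Services reject the operation
        // with this message before the method body ever runs.
        return new AuthorizationResult("You may only modify your own orders.");
    }
}

[EnableClientAccess]
[RequiresAuthentication]   // anonymous callers are rejected for every operation in this service
public class OrderDomainService : DomainService
{
    // The current user comes from ServiceContext.User (set by ASP.NET authentication),
    // never from a client-supplied parameter, so the query is scoped server-side.
    public IQueryable<Order> GetMyOrders()
    {
        string user = ServiceContext.User.Identity.Name;
        return OrderStore.Orders.Where(o => o.OwnerUserName == user).AsQueryable();
    }

    // Declarative role check: only Managers can list every order.
    [RequiresRole("Manager")]
    public IQueryable<Order> GetAllOrders()
    {
        return OrderStore.Orders.AsQueryable();
    }

    // Contextual check: owner or Manager, evaluated against the submitted entity.
    [RequiresOwnership]
    public void UpdateOrder(Order order)
    {
        var existing = OrderStore.Orders.Single(o => o.Id == order.Id);
        existing.Total = order.Total;
    }

    // Declarative check again: deleting is reserved for Managers.
    [RequiresRole("Manager")]
    public void DeleteOrder(Order order)
    {
        OrderStore.Orders.RemoveAll(o => o.Id == order.Id);
    }
}
```

The point of the split is that a role attribute answers "who may call this operation at all", while the custom attribute answers "may this user act on this particular record", which is the contextual question a plain membership/role provider cannot answer on its own. Keeping the per-user filtering inside the query method (GetMyOrders) rather than trusting a client-supplied user id is the matching check on the read side.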