Earlier this year I watched a webcast on the PIAB (Policy Injection Application Block) but had sort of dismissed most of it because I didn't think it really applied to anything I was doing at the time. Of course, maybe I just didn't understand it well enough at the time.
I decided to actually force myself to figure it out this time around because someone had mentioned to me the idea of interception, and I had recalled PIAB using interception to do some of the things it does with 'policies'.
I started out following along with the webcast and making a simple console application with a single business object in it. That code looked like this:
using System;

// Have to inherit from MarshalByRefObject OR you could have an interface for any methods that you want to apply policy to
public class BusinessObject : MarshalByRefObject
{
    public void DoSomething(string input)
    {
        Console.WriteLine("I'm doing something");
        Console.WriteLine("press any key");
        Console.ReadKey();
    }
}
They mention in the webcast that there's a remoting proxy to wrap the objects; this requires that you either use an interface or inherit from MarshalByRefObject (this, I think, is what enables reflection to create a wrapper at runtime).
Anyhow, setting up the actual console app is straightforward:
using System;

class Program
{
    static void Main(string[] args)
    {
        // We have to set it to use the Windows principal to make it use the authorization provider...
        // change the identity from "desktop02\james" to your own machine\user setting and test.
        AppDomain.CurrentDomain.SetPrincipalPolicy(System.Security.Principal.PrincipalPolicy.WindowsPrincipal);
        // Here we're creating the object; we could just as easily 'new' it up and then use PolicyInjection.Wrap<>()
        BusinessObject obj = Microsoft.Practices.EnterpriseLibrary.PolicyInjection.PolicyInjection.Create<BusinessObject>();
        // Call our proxy object's DoSomething() method!
        obj.DoSomething("whatup");
    }
}
Nothing special, as I said.
The actual config is where you get into adding the actual policies, and in this case I've chosen to attach an authorization policy and a logging policy. Obviously, you wouldn't want an authorization policy set up in your config file (maybe on the server side but definitely not on the client side). First I'll set up the authorization policy. I opened up the App.config using the enterprise configuration editor and added a PIAB section. I added a matching rule, set it to match on a member, and set that member collection to have 1 item in it. That item was of course "DoSomething".
(I'm going to lazy it up and not have screenshots, but I'll post the code for everyone to download.)
Then I added an authorization handler and a logging handler.
Then I added an authorization provider and an authorization rule. The rule required that I be identity "desktop01\james" to match the current user I'm logged in as on my machine.
Then I added a logging block section with a flat file log source (I think event log is a bad idea; according to the 70-536, eventlog permissions open up all kinds of security issues, so it's best to not depend on those permissions in an enterprise application... I chose flat file, but probably XML is the best option these days. But I digest.)
Once those things are in place in the config, you run it and it will require authorization and it will log all the information I asked it to! Very cool stuff!
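To make the interception idea concrete, here is an added example (not code from the webcast, the downloadable project, or PIAB itself) of a remoting proxy that runs an identity check and writes a log line before forwarding a call to a MarshalByRefObject. AuthorizingProxy, Greeter and the NOBODY\nobody identity are hypothetical names, console output stands in for the logging block, and it assumes .NET Framework, where System.Runtime.Remoting is available.

```csharp
using System;
using System.Runtime.Remoting;
using System.Runtime.Remoting.Messaging;
using System.Runtime.Remoting.Proxies;
using System.Security;
using System.Security.Principal;
using System.Threading;

// Hypothetical stand-in for an authorization + logging policy (not PIAB's own handler classes).
public class AuthorizingProxy<T> : RealProxy where T : MarshalByRefObject
{
    private readonly T target;
    private readonly string allowedIdentity;

    private AuthorizingProxy(T target, string allowedIdentity) : base(typeof(T))
    { this.target = target; this.allowedIdentity = allowedIdentity; }

    public static T Wrap(T target, string allowedIdentity)
    { return (T)new AuthorizingProxy<T>(target, allowedIdentity).GetTransparentProxy(); }

    // Every call made through the transparent proxy arrives here as a message.
    public override IMessage Invoke(IMessage msg)
    {
        var call = (IMethodCallMessage)msg;
        string caller = Thread.CurrentPrincipal.Identity.Name;
        bool allowed = string.Equals(caller, allowedIdentity, StringComparison.OrdinalIgnoreCase);
        Console.Error.WriteLine("{0} {1} -> {2}", allowed ? "ALLOW" : "DENY", caller, call.MethodName);
        if (!allowed)  // fail closed: the target method never runs
            return new ReturnMessage(new SecurityException("Not authorized: " + call.MethodName), call);
        return RemotingServices.ExecuteMessage(target, call);
    }
}

public class Greeter : MarshalByRefObject  // hypothetical business object
{
    public void DoSomething(string input) { Console.WriteLine("doing something with " + input); }
}

public static class Demo
{
    public static void Main()
    {
        AppDomain.CurrentDomain.SetPrincipalPolicy(PrincipalPolicy.WindowsPrincipal);
        string me = WindowsIdentity.GetCurrent().Name;
        AuthorizingProxy<Greeter>.Wrap(new Greeter(), me).DoSomething("whatup");  // runs
        try { AuthorizingProxy<Greeter>.Wrap(new Greeter(), @"NOBODY\nobody").DoSomething("whatup"); }
        catch (SecurityException e) { Console.WriteLine(e.Message); }  // denied before the method body
    }
}
```

The check only applies to calls that go through the proxy; code holding a direct reference to the underlying object bypasses it, so the unwrapped instance should not be handed out.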
Download the project for Visual Studio 2008