I would like to authorize that a message can be executed before consuming it. My first approach was to add a UserId property. The back end would pull the user id from the message and authorize that the user can in fact execute the message.
This made sense in the beginning, but now I'm looking at my messages and thinking, "UserId doesn't belong there". Two ideas of how to remedy this came to mind.

#1. Tack the userid on to the URI. From the client, add a message module to append the userid as a query string to the destination URI. On the backend, have a message module to pull the userid out of the source URI and authorize the message when it arrives.

#2. Authorize commands on the client before sending. There is no need to alter any part of the service bus; in fact, authorization would happen at the controller action. Using a bus becomes irrelevant on the client. At the destination, validate that the message came from a valid source (in this case the website). If it came from somewhere else, fail.

#2 seems simpler. #1 seems like it would only be applicable in some extreme security context.

--
You received this message because you are subscribed to the Google Groups "Rhino Tools Dev" group. For more options, visit this group at http://groups.google.com/group/rhino-tools-dev?hl=en.
