By including the identity of the current user within a service request, we can check for the required authorizations before executing the service. We can even filter out the returned information based on this authorization. For example, the following GetAccountBalance service could return InvalidAccount if the requested account exists but does not belong to the authenticated client.
public class GetAccountBalance
{
    /// <summary>
    /// The client requesting the account balance.
    /// </summary>
    public ClientRequestElement Client;

    public class ClientRequestElement
    {
        public int ClientID;
    }

    /// <summary>
    /// The account for which the balance is requested.
    /// </summary>
    public AccountRequestElement Account;

    public class AccountRequestElement
    {
        public string AccountNumber;
    }
}
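The service-side check described above, written out as an added example rather than code from the original post: the handler, the response type, the AccountBalanceStatus enum, the in-memory AccountRecord store and the sample account numbers are all constructed here for illustration. The authenticated client identity is assumed to come from the validated transport credential (session or token) and is compared against the ClientID carried in the request, so a request that names some other client is rejected before any lookup; an account that exists but is owned by a different client gets the same InvalidAccount answer as a non-existent one, so the service does not reveal which account numbers are in use.

```csharp
using System;
using System.Collections.Generic;

// Request type from the post, repeated here so this file compiles on its own.
public class GetAccountBalance
{
    public ClientRequestElement Client;
    public class ClientRequestElement { public int ClientID; }

    public AccountRequestElement Account;
    public class AccountRequestElement { public string AccountNumber; }
}

// Hypothetical response shape (not part of the original post).
public enum AccountBalanceStatus { Success, InvalidAccount, NotAuthenticated }

public class GetAccountBalanceResponse
{
    public AccountBalanceStatus Status;
    public decimal Balance;
}

// Constructed stand-in for the real account ledger.
public class AccountRecord
{
    public string AccountNumber;
    public int OwnerClientID;
    public decimal Balance;
}

public class GetAccountBalanceHandler
{
    private readonly Dictionary<string, AccountRecord> accounts;

    public GetAccountBalanceHandler(IEnumerable<AccountRecord> records)
    {
        accounts = new Dictionary<string, AccountRecord>(StringComparer.Ordinal);
        foreach (var r in records) accounts[r.AccountNumber] = r;
    }

    // authenticatedClientID is the identity established by the transport layer
    // (validated session or token). The ClientID inside the request body is only
    // accepted when it agrees with that identity; it is never trusted on its own.
    public GetAccountBalanceResponse Execute(GetAccountBalance request, int? authenticatedClientID)
    {
        var response = new GetAccountBalanceResponse();

        if (authenticatedClientID == null
            || request == null || request.Client == null || request.Account == null
            || request.Client.ClientID != authenticatedClientID.Value)
        {
            response.Status = AccountBalanceStatus.NotAuthenticated;
            return response;
        }

        AccountRecord account;
        bool exists = request.Account.AccountNumber != null
                      && accounts.TryGetValue(request.Account.AccountNumber, out account);

        // Missing account and account owned by another client are reported identically,
        // so the caller cannot use this service to enumerate valid account numbers.
        if (!exists || account.OwnerClientID != authenticatedClientID.Value)
        {
            response.Status = AccountBalanceStatus.InvalidAccount;
            return response;
        }

        response.Status = AccountBalanceStatus.Success;
        response.Balance = account.Balance;
        return response;
    }
}

public static class Demo
{
    public static void Main()
    {
        // Constructed sample data: two accounts owned by two different clients.
        var handler = new GetAccountBalanceHandler(new[]
        {
            new AccountRecord { AccountNumber = "ACC-1001", OwnerClientID = 7, Balance = 250.00m },
            new AccountRecord { AccountNumber = "ACC-2002", OwnerClientID = 8, Balance = 99.50m },
        });

        var request = new GetAccountBalance
        {
            Client = new GetAccountBalance.ClientRequestElement { ClientID = 7 },
            Account = new GetAccountBalance.AccountRequestElement { AccountNumber = "ACC-2002" }
        };

        // Client 7 is authenticated but ACC-2002 belongs to client 8: InvalidAccount.
        Console.WriteLine(handler.Execute(request, 7).Status);

        // Same request with the caller's own account: Success, balance 250.00.
        request.Account.AccountNumber = "ACC-1001";
        var ok = handler.Execute(request, 7);
        Console.WriteLine(ok.Status + " " + ok.Balance);

        // Request body claims ClientID 7 but the transport authenticated client 8: NotAuthenticated.
        Console.WriteLine(handler.Execute(request, 8).Status);
    }
}
```

The ordering of the checks matters: the identity comparison runs before any data access, so a mismatched ClientID never reaches the ledger, and the ownership test is folded into the same branch as the existence test so both failures produce one indistinguishable result.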
Monday, August 4, 2008