All Comments
TopTalkedBooks posted at August 20, 2017

While I can't claim that this is "best practice," this is at least one approach, taken by Rockford Lhotka in Expert C# 2008 Business Objects.

You could have all domain entities eventually derive from some base class. That base class could have a method like this:

public virtual bool CanReadProperty(string propertyName) { ... }

That method could be called by each property before allowing the user to view it (or set it). For better performance, that base class could have the authorization roles cached, so checking wasn't an expensive operation. And, of course, now that we have expression trees, CanReadProperty() could take an expression so that it was strongly-typed.

An example of a property would look like this:

public string Name
{
    get
    {
        if (!CanReadProperty("Name")) { return string.Empty; } // or return null, whatever...
        return _name;
    }
}

The benefit of this approach is that you don't need many different DTOs for the various scenarios where the viewing of these properties can change.
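
The approach described in the comment above, sketched as an added example (not part of the original comment and not CSLA .NET's own code): a base class that denies reads by default, caches the role decision, and offers the expression-based overload. `SecuredEntity`, `AllowRead`, `Customer` and the role names are hypothetical.

```csharp
using System;
using System.Collections.Concurrent;
using System.Collections.Generic;
using System.Linq.Expressions;
using System.Security.Principal;

// Hypothetical base class (assumption, not CSLA's API): per-property read rules.
public abstract class SecuredEntity
{
    // Rule table: (entity type, property name) -> roles allowed to read it.
    private static readonly ConcurrentDictionary<(Type, string), string[]> ReadRoles =
        new ConcurrentDictionary<(Type, string), string[]>();
    // Per-instance decision cache; a role change is not seen until a new instance is built.
    private readonly Dictionary<string, bool> _decisions = new Dictionary<string, bool>();
    private readonly IPrincipal _user;

    protected SecuredEntity(IPrincipal user) =>
        _user = user ?? throw new ArgumentNullException(nameof(user));

    protected static void AllowRead<T>(string propertyName, params string[] roles)
        where T : SecuredEntity => ReadRoles[(typeof(T), propertyName)] = roles;

    public virtual bool CanReadProperty(string propertyName)
    {
        if (_decisions.TryGetValue(propertyName, out var cached)) return cached;
        var allowed = false; // no rule registered for this property => denied (fail closed)
        if (ReadRoles.TryGetValue((GetType(), propertyName), out var roles))
            allowed = Array.Exists(roles, _user.IsInRole);
        return _decisions[propertyName] = allowed;
    }

    // Strongly-typed overload: CanReadProperty(() => Name) survives a property rename.
    protected bool CanReadProperty<TValue>(Expression<Func<TValue>> property)
    {
        if (!(property.Body is MemberExpression member))
            throw new ArgumentException("Expected a property access.", nameof(property));
        return CanReadProperty(member.Member.Name);
    }
}

public sealed class Customer : SecuredEntity
{
    static Customer() => AllowRead<Customer>(nameof(Name), "Sales", "Support");
    private readonly string _name;
    public Customer(IPrincipal user, string name) : base(user) => _name = name;
    public string Name => CanReadProperty(() => Name) ? _name : string.Empty;
}
```

Building the expression tree allocates on every getter call; on C# 6 and later, `CanReadProperty(nameof(Name))` gives the same rename safety without that cost.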

TopTalkedBooks posted at August 20, 2017

Buying the book is very useful. Not only will you get information about how to use CSLA.net but also Rocky explains his decisions and his motives. Note that there is no book for the current (4.0) release. For the 3.8 release you can find the book here. There are some major changes between 3.8 and 4.0 regarding the validation rules. You can find some explanations about these changes on Rocky's Blog.

Furthermore, because his framework is completely free, buying the book is a good way to sponsor the work Rocky is doing by creating the framework.
