Separating authentication and authorization is all fine, but the question is
why it was done in this way. Why not have a RoleProvider with a method
IsInRole(IIdentity, IRole role), along with other methods like
GetRoles(IIdentity), GetAllRoles(), etc. To me, the way the current
IIdentity/IPrincipal
Thanks Mark... I see now.
On Dec 17, 2007 11:14 PM, Mark Brackett <[EMAIL PROTECTED]> wrote:
> Your UserIdentity hierarchy seems to be confusing security rights with
> identity - which is where the lines are blurring for you between
> authentication and authorization. I think a more appropriate e
3.5 extension methods give you the OfType extension on IEnumerable,
so you can now do:
foreach (ReportA item in reports.OfType())
Otherwise, you'd have to do the cast yourself and catch it. Unfortunate
that both C# and VB chose to implement implicit casts in foreach
--MB
> -Original Mes
Your UserIdentity hierarchy seems to be confusing security rights with identity
- which is where the lines are blurring for you between authentication and
authorization. I think a more appropriate example would be something like:
class DatabaseIdentity : UserIdentity // retrieved from app specif
