1

I'm starting a new MVC 3 application at the same time I'm transitioning to a more disconnected development environment where I will only occasionally be connected to the corporate network to do deployments.

I have normally used the [Authorize(Roles = @"xxx,yyy")] attributes to handle basic group authentication, but of course when I'm disconnected doing development, this will not work.

Does anyone have any suggestions or best practices for this kind of situation?

Dewayne Cushman
  • 11
  • 1

1 Answers1

0

Any time you need to do development against a resource that you may not have full (or any) access to, you should consider a mocking framework. Moq and Rhino Mocks are just two of the more popular frameworks for this purpose.

The idea is to create an interface that your code will use so that you can swap in the actual AD provider or the mocking framework depending upon which environment you're working with.

Yuck
  • 49,664
  • 13
  • 105
  • 135
  • That is a very valid point, but I'm not sure how that would fit into the MVC3 Security Attribute approach. If I was going to mock the interactions with AD, I would need to specifically write code to check group memberships, correct?. It might be the case that I just need to abandon the attribute method, and go with a specific query. There are benefits each way. – Dewayne Cushman Jul 18 '11 at 20:27
  • The `AuthorizeAttribute` hooks into whichever role provider is being used. You can definitely mock that and still use the attributes on your controllers and actions. – Yuck Jul 18 '11 at 20:43