Introduction

I like most fluent frameworks, especially if they prevent the use of attributes. In essence there is nothing wrong with attributes but they kind of violate SRP. With fluent-security you can avoid that and keep the security code in separate files.

I did not see any VB.Net examples so I will post some here.

The beginning

First I had to install MVC 3 ;-), I swear I’m ashamed.

Then I created an MVC 3 internet application.

After that I nugetted the fluent-security package. I found out it did not really work with VB.Net. I tried it with this piece of code.

```vbnet SecurityConfigurator.Configure(Sub(configuration) configuration.GetAuthenticationStatusFrom(Function() HttpContext.Current.User.Identity.IsAuthenticated) configuration.For(Of HomeController)().Ignore() configuration.For(Of AccountController)().DenyAuthenticatedAccess() configuration.For(Of AccountController)(Function(x) x.LogOff()).DenyAnonymousAccess() End Sub)

    GlobalFilters.Filters.Add(New HandleSecurityAttribute(), 0)```

It bombed on the line.

vbnet configuration.For(Of AccountController)(Function(x) x.LogOff()).DenyAnonymousAccess() > System.InvalidCastException was unhandled by user code

Message=Unable to cast object of type ‘System.Linq.Expressions.UnaryExpression’ to type ‘System.Linq.Expressions.MethodCallExpression’.

Source=FluentSecurity

StackTrace:

at FluentSecurity.Extensions.GetActionName(LambdaExpression actionExpression) in C:UserschristiaanSourcecodefluentsecurityFluentSecurityExtensions.cs:line 56

at FluentSecurity.ConfigurationExpression.For[TController](Expression`1 propertyExpression) in C:UserschristiaanSourcecodefluentsecurityFluentSecurityConfigurationExpression.cs:line 29

at MvcApplication1.MvcApplication._Lambda$__1(ConfigurationExpression configuration) in f:mydocumentsvisual studio 2010ProjectsMvcApplication1MvcApplication1Global.asax.vb:line 38

at FluentSecurity.SecurityConfiguration..ctor(Action`1 configurationExpression) in C:UserschristiaanSourcecodefluentsecurityFluentSecuritySecurityConfiguration.cs:line 14

at FluentSecurity.SecurityConfigurator.Configure(Action`1 configurationExpression) in C:UserschristiaanSourcecodefluentsecurityFluentSecuritySecurityConfigurator.cs:line 18

at MvcApplication1.MvcApplication.Application_Start() in f:mydocumentsvisual studio 2010ProjectsMvcApplication1MvcApplication1Global.asax.vb:line 34

InnerException:

The solution was to git the code and change it a little (it took me an hour to found out what to fix. And this stackoverflow question helped.

So I changed the line.

csharp ///<summary> /// Gets the action name for the specified action expression ///</summary> public static string GetActionName(this LambdaExpression actionExpression) { return ((MethodCallExpression)actionExpression.Body).Method.Name; } to this.

csharp ///<summary> /// Gets the action name for the specified action expression ///</summary> public static string GetActionName(this LambdaExpression actionExpression) { var expression = (MethodCallExpression)(actionExpression.Body is UnaryExpression ? ((UnaryExpression)actionExpression.Body).Operand : actionExpression.Body); return expression.Method.Name; } and I contacted the owner of the project to tell him about this.

Conclusion

What was supposed to be a 10 minute blogpost turned into a debugfest but only made possible by the power of opensource. I love it. I hope the fix gets added to the sourcecode now.