Introduction
I like most fluent frameworks, especially if they prevent the use of attributes. In essence there is nothing wrong with attributes but they kind of violate SRP. With fluent-security you can avoid that and keep the security code in separate files.
I did not see any VB.Net examples so I will post some here.
The beginning
First I had to install MVC 3 ;-), I swear I’m ashamed.
Then I created an MVC 3 internet application.
After that I nugetted the fluent-security package. I found out it did not really work with VB.Net. I tried it with this piece of code.
```vbnet SecurityConfigurator.Configure(Sub(configuration) configuration.GetAuthenticationStatusFrom(Function() HttpContext.Current.User.Identity.IsAuthenticated) configuration.For(Of HomeController)().Ignore() configuration.For(Of AccountController)().DenyAuthenticatedAccess() configuration.For(Of AccountController)(Function(x) x.LogOff()).DenyAnonymousAccess() End Sub)
GlobalFilters.Filters.Add(New HandleSecurityAttribute(), 0)```
It bombed on the line.
vbnet
configuration.For(Of AccountController)(Function(x) x.LogOff()).DenyAnonymousAccess()
> System.InvalidCastException was unhandled by user code
Message=Unable to cast object of type ‘System.Linq.Expressions.UnaryExpression’ to type ‘System.Linq.Expressions.MethodCallExpression’.
Source=FluentSecurity
StackTrace:
at FluentSecurity.Extensions.GetActionName(LambdaExpression actionExpression) in C:UserschristiaanSourcecodefluentsecurityFluentSecurityExtensions.cs:line 56
at FluentSecurity.ConfigurationExpression.For[TController](Expression`1 propertyExpression) in C:UserschristiaanSourcecodefluentsecurityFluentSecurityConfigurationExpression.cs:line 29
at MvcApplication1.MvcApplication._Lambda$__1(ConfigurationExpression configuration) in f:mydocumentsvisual studio 2010ProjectsMvcApplication1MvcApplication1Global.asax.vb:line 38
at FluentSecurity.SecurityConfiguration..ctor(Action`1 configurationExpression) in C:UserschristiaanSourcecodefluentsecurityFluentSecuritySecurityConfiguration.cs:line 14
at FluentSecurity.SecurityConfigurator.Configure(Action`1 configurationExpression) in C:UserschristiaanSourcecodefluentsecurityFluentSecuritySecurityConfigurator.cs:line 18
at MvcApplication1.MvcApplication.Application_Start() in f:mydocumentsvisual studio 2010ProjectsMvcApplication1MvcApplication1Global.asax.vb:line 34
InnerException:
The solution was to git the code and change it a little (it took me an hour to found out what to fix. And this stackoverflow question helped.
So I changed the line.
csharp
///<summary>
/// Gets the action name for the specified action expression
///</summary>
public static string GetActionName(this LambdaExpression actionExpression)
{
return ((MethodCallExpression)actionExpression.Body).Method.Name;
}
to this.
csharp
///<summary>
/// Gets the action name for the specified action expression
///</summary>
public static string GetActionName(this LambdaExpression actionExpression)
{
var expression = (MethodCallExpression)(actionExpression.Body is UnaryExpression ? ((UnaryExpression)actionExpression.Body).Operand : actionExpression.Body);
return expression.Method.Name;
}
and I contacted the owner of the project to tell him about this.
Conclusion
What was supposed to be a 10 minute blogpost turned into a debugfest but only made possible by the power of opensource. I love it. I hope the fix gets added to the sourcecode now.