RegionManager.RequestNavigate or other mean to control security?

Topics: Prism v4 - Silverlight 4
Jan 17, 2012 at 3:48 AM

I have my own SecurityService where I can check if current user has access to specific view.

What I'm trying to achieve is when RegionManager.RequestNavigate called - I need some kind of hook that will check view specified against security service and then either cancel navigation or proceed with it.

Can I somehow utilize INavigationAware? So far I can't see how I can do it..

Is there any samples on how I can subclass RegionManager to do this?

Jan 17, 2012 at 5:18 PM

I implemented something like this by overriding Prism's RegionNavigationContentLoader.CreateNewRegionItem() method. After executing the base class CreateNewRegionItem(), I have the override method check the user's rights using our security service. If the user doesn't have access, the code throws an ActivationException() and that causes the navigation request to fail.

 

Developer
Jan 17, 2012 at 5:21 PM
Edited Jan 17, 2012 at 5:22 PM

Hi,

Based on my understanding of your scenario, you might benefit from the IConfirmNavigationRequest interface. By implementing this interface on your view or view model class, it will allow you to confirm or cancel the navigation.

You will find that this interface derives from the INavigationAware interface and adds the ConfirmNavigationRequest method, which provides two parameters: a reference to the current navigation context (which will be useful to retrieve parameters passed when navigating) and a callback method that you can call when you want the navigation to continue.

This way, I believe you could store a reference to the continuation callback so the application can call it after it finishes validating the navigation request, for example with your SecurityService.

Also you might find the following discussion useful, where you can find more information and a sample application that implements the aforementioned fuctionality:

Additionally, you could find the following topics from the Navigation chapter at MSDN helpful:

I hope you find this handy,

Agustin Adami
http://blogs.southworks.net/aadami


Jan 17, 2012 at 6:15 PM

Yesterday after I posted message I came up with other way. What do you think? I have to call

RequestSecuredNavigate instead of RequestNavigate but it does exactly what I wanted..

 

public

 

 static class

RegionManagerExtensions

{

 

public static void RequestSecuredNavigate(this IRegionManager regionManager, ISecurityService securityService, string regionName, string

source)

{

 

if

(securityService.IsUserInRole(source))

{

regionManager.RequestNavigate(regionName, source);

}

 

else

{

regionManager.RequestNavigate(

RegionNames.MainPopup, typeof(AccessDeniedView

).Name);

}

}

}

Developer
Jan 18, 2012 at 4:34 PM

Hi katit,

Your approach seems to be an exellent choice, thanks for sharing it with the rest of the community.

As a side note, take into account that the main difference with your approach is that when implementing IConfirmNavigationRequest  you will be able to confirm the navigation request using an asynchronous interaction. However, this will deppend on your personal preferences and the requirements of your scenario.

Thanks,

Agustin Adami
http://blogs.southworks.net/aadami