Programming Articles

Unlike MVC or Web Forms, when using WPF, you don't get a pre-built security system. Thus, you need to come up with your own method of securing controls on WPF screens, such as the one shown in Figure 1. There are a few different methods to accomplish this goal. For example, you can create different properties in your View model to make controls invisible or disabled based on a user's role. The problem with this approach is that if you need to secure more controls, you need to change the code and then redistribute your WPF application to your users. In this article, I'm going to take a data-driven approach to security so you can make changes in a database table and have your WPF application's security update without having to make code changes.

In my last two articles (Security in Angular: Part 1 and Security in Angular: Part 2), you created a set of Angular classes to support user authentication and authorization. You also built a .NET Core Web API project to authenticate a user against a SQL Server table. An authorization object was created with individual properties for each item that you wished to secure in your application. In this article, you're going to build an array of claims and eliminate the use of single properties for each item that you wish to secure. Using an array of claims is a much more flexible approach for large applications.

In my last article, Security in Angular: Part 1, you learned to create a set of Angular classes to support user authentication and authorization. You used these classes to log in a user and make menus and buttons visible and invisible. In this article, you'll use a .NET Core Web API project to authenticate a user against a SQL Server table. You'll return an authorization object by reading claim information from a claim table. You'll also secure your Web API methods using the JSON Web Token (JWT) standard.

In most business applications, you're going to want to disable, or make invisible, various features such as menu items, buttons, and other UI items, based on who's logged in and what roles or permissions they have. Angular doesn't have anything built-in to help you with this, so you must create it yourself.