Csla and ASP.NET Core MVC

[Chicagoan2016]

We are starting a new project and will be using ASP.NET Core MVC. My question is should we use Razor pages or stick with MVC view pages? just wondering what are fellow Csla developers using?

Kind Regards

Version and Platform CSLA version: 4.7.100 OS: Windows Platform: ASP.NET Core

[rockfordlhotka]

I personally like Razor Pages quite a lot. I think MVC was ok, but didn't follow the DRY (don't repeat yourself) principle, in that you had to write a lot of repetitive code to create controllers.

Razor Pages is a slight abstraction over MVC, where the framework manages most of that repetitive behavior, leaving you to write only code that has real meaning.

[Chicagoan2016]

Thank you @rockfordlhotka , We used to have a MVC application inside project tracker solution, which version of ProjectTracker is that?

Regards

[rockfordlhotka]

@Chicagoan2016 I don't recall.

Right now there's an MvcExample that is current for CSLA 5.

[tabaguley]

What is the recommended approach for setting up user Authentication & Authorization with CSLA 5 and MVC? I took a look at the MvcExample project, but I don't see any security/permissions stuff. Thank you.

[rockfordlhotka]

@tabaguley as always, CSLA just sits on top of ASP.NET authentication. The Csla.ApplicationContext.User property is (when running in ASP.NET) just sitting on top of HttpContext.User.

So from an authentication perspective, configure aspnetcore authentication as you desire, and use ApplicationContext.User to get at the user.

From an authorization perspective, the same helpers in Csla.Web.Mvc are there that have been around for many years. These helpers include the HasPermissionAttribute and some HasPermission methods in the HTML helpers.

[tabaguley]

Thank you for the info. To be honest, it's been over a decade since I did any type of Web site build, so I'm having to (re)learn a lot. I am also trying to figure out the best way to leverage our existing business objects (custom Principal & Identity). I do see from the CSLA 4.11 Samples how things were done there. Are there any plans to scaffold Identity Authorization into the MvcExample project per Microsoft's documentation (below)?

https://docs.microsoft.com/en-us/aspnet/core/security/authentication/identity?view=aspnetcore-3.0&tabs=visual-studio

[rockfordlhotka]

My intent with the *Example apps, at least thus far, is to show the most simple/direct way to build an app of the UI type with CSLA. The ProjectTracker app is the more in-depth/complex example.

The one thing you should be aware of, for server-side only this isn't a huge deal, but aspnetcore uses ClaimsPrincipal instead of the more basic Principal type. When building a client-server app where the principal needs to be serialized by the data portal then you need to use CslaClaimsPrincipal because it can be serialized.