I'm trying to find resources and guidelines for implementing authentication and authorization in layered architectures (C#), but have not found "best practices" or patterns to use. And I thought that there should be some patterns for this, since this is a pretty important area?
The application we are developing is traditionally layered, having:
- data layer (Entity Framework 4)
- repositories
- domain level
- service level (may be WCF, with data transfer objects)
- several clients consuming the WCF service (ASP.NET [MVC], Silverlight, WPF) and clients accessing the service level directly (without WCF)
Are there books / articles / blogs in this area? First of all, about authorization (for example, processing several roles and attributes attached to users).
It should not be specific to the .NET Framework, but that would be preferable.
UPDATE: I already have good links, but I'm looking for examples and implementation examples. Maybe a solution that implements something like the above?