How to Fit Business Logic in a Dynamic Data Application.

Question

User-1891342264 posted

I'm currently evaluating Dynamic Data for a web application. I am very impressed with it's ability to generate the views from the data model. However, I am unclear about where I can fit in the business logic. It seems that the data model is directly tied to the UI layer without any opportunity to fit a business logic inbetween. I am currently evaluating Dynamic Data with ADO.NET Entity Framework, since I would like my application to work with both SQL Server and Oracle (and perhaps other databases in the future).

I need to be able to restrict access to certain tables, columns, and rows based on the user's role. Also, I need special logic when inserting data into certain tables.

I found an example which addressed the issue of limiting data display to users based on their role. It's quite nice, and it meets some of my requirements, but the permission control is done directly in the UI layer (the .aspx.cs files). Since security is quite important for me, I would like to have the permission logic in the business logic layer or the data access layer.

I'm stuck trying to figure out where I can put my business logic. I don't want to directly edit the auto-generated data model because my customizations will be lost when I regenerate it. Also, I don't see any way to derive from these auto-generated classes and override the Insert and Delete behaviours. Another problem I have, is that there will be some logic that is shared by all of these data classes, and I don't see any single place where I can control the Select, Insert, Delete, Update for all tables.

Can anyone suggest to me how I can correctly tier my application using Dynamic Data? Perhaps Dynamic Data isn't even the right technology for me to use.

Answer 1

User-1005219520 posted

>> I don't want to directly edit the auto-generated data model because my customizations will be lost when I regenerate it.

Take a look at Customizing Validation for All Data Fields by Using a Partial-Class Method in the ADO.NET Entity Framework  in the topic How to: Customize Data Field Validation in the Data Model  Much of your business logic will be in partial classes.

Some changes need to be made in the auto generated data model (such as setting StoreGeneratedPattern="Computed" ) - Then next version of EF hopes to have the ability to save these changes in a file that persists when the model is regenerated.

We have a new preview sample posting on codeplex (hopefully this week) that has a bussiness logic sample in it.

Steve has a security/role sample  and Michael has at Click HERE to go to the sample page and scroll down to the section “Secure Dynamic Data”. Enjoy!

Answer 2

User357812854 posted

You can refer to this post http://forums.asp.net/t/1343958.aspx for the security related questions.

It could help.

 

Answer 3

User-1891342264 posted

Thanks for the links!

I have further analyzed the samples and have determined the following:

• The security is implemented in the template files (List.aspx, Insert.aspx, etc). From my point of view, this is a problem because if a new template is added, then the same security measures have to be applied there as well. The security is NOT close to the data model. I'm not sure how big of a problem this is, however.
  
• Additional validation can be performed by extending the partial classes of the auto-generated data model. This is fine, and is a good place to do this.

My understanding is that Dynamic Data is a 2-layered architecture. Presentation Layer (eg - template files) and Data Access Layer (The Data Model classes). Security must be implemented in the Presentation Layer, validation must be done in the Data Access Layer, and the business logic must be done either in the Presentation Layer or the Data Access Layer depending on what the logic is.

Does my assessment sound correct?

I need to present my findings soon so my development team can decide on what technologies to use.