Inspired Software Solutions. Measurable Results.
Architecting C# for Cross-Cutting Concerns
Method Interception using Castle Dynamic Proxy
Michael Byrne
Practice Director
https://www.linkedin.com/in/mikebyrne/
Application Architecture Challenges
• On large projects, we want all developers to follow standard
approaches to cross-cutting concerns
• Security
• Logging
• Error Handling
• Instrumentation
Entropy in Software Systems
• Following or inventing new patterns in a large system can result in
unintended problems
• For security
• Leakage of multi-tenant data
• Failure to enforce proper security checks
• Privilege escalation
• Logging
• Non-uniform approach
• Error Handling
• Non-uniform handling
• Parameter checks
• Lehman’s Second Law - Software entropy drives systems towards
more complexity (unless work is done to maintain or reduce it)
Architecture Design vs Development
• Both Developers and Architects can write code
• Developers write code for getting software features built
• Architects design and write code which reduces risk by
encouraging (and sometimes compelling) following the
guidelines of the application architecture, so that unintended
consequences can be mitigated or avoided completely
Security as a Cross-Cutting Concern
• The samples are simplified from real code and projects for
illustration
• They are NOT meant to be a complete solution.
Security in Controller?
If you see blocks of code like this in your
application…
You have a problem.
You are relying on each member of your development team to properly apply a
copy-and-paste security architecture for each function in your application.
(Also note the copy-paste errors on line 27 with the controller and method name!)
Lots of code, but no business logic is a
symptom of a cross-cutting concern.
Anti-Pattern: Copy-Paste Coding
As application complexity increases,
the number of places where copy-paste code is applied increases,
and as the number of developers performing copy-paste operations increases,
the probability of transcription errors increases.
Changes must be applied and maintained in an ever-increasing number of locations.
See Lehman’s Second Law - Software entropy drives systems towards more complexity
(unless work is done to maintain or reduce it)
"Comment out security… just until I get everything else working"
"I’ll pull and copy Jerry’s work. It looks like what I need."
"I have to get the new API done tonight, I’ll copy this one"
Security is a Cross-Cutting Concern
• It has to be enforced in many areas of the application
• But we do not want to rewrite it in many places, since that will
lead to errors
• Previous example, lots of code, but no business logic
How can we solve cross-cutting problems?
• Aspect oriented programming
• Proxy pattern
Architecture Diagram
[Diagram labels: Client; ISearchService.DoSearch(); SearchService.DoSearch(); Autofac DI (Generate Proxy); IServiceInterceptor; SearchServiceProxy; Custom Interceptor Code]
Castle Proxy generates a
proxy class around each
service.
Each interceptor in the
pipeline is called,
eventually calling the
proxied object.
Results are passed back
up the pipeline to the
client.
Aspect Oriented Programming
In C# we create a custom attribute so that we
can decorate a method to indicate what
security claims (View, Insert, Update, Delete)
need to be applied.
In this case we also supply an AllowAny flag
to indicate whether all the claims are
required (View and Delete) or any of the
claims are required (Insert or Update).
Service Interceptor
Next we add a class implementing the
Autofac Castle Dynamic Proxy
IInterceptor interface.
This class uses reflection to make sure
the method we are calling is
decorated with a ClaimsPermission.
In this case we are using a method on
the BaseService to check our security
claims authorizations (lines 23-28)
This forces all developers to explicitly
apply a ClaimsPermission to methods
called through the Proxy (lines 31-32)
Service Registration
In our Autofac RegisterServices process, we register all our services with the
ServiceInterceptor (here they are all decorated with an IContractService interface)
and register the ServiceInterceptor itself with Autofac.
Apply to a Service
All the services inherit from IContractService
to support Autofac Dependency Injection
registration.
On our Search method, security checks can
now be implemented using our custom
ClaimsPermission attribute, and will be
automatically checked and enforced by the
ServiceInterceptor
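The four pieces described above (attribute, interceptor, registration, decorated service) put together as an added example; it is not the deck's own code. `Permission`, the `"permission"` claim type, `Purge`, `Ping` and the `Func<ClaimsPrincipal>` constructor argument are assumptions made here, and the deck checks claims through a method on its BaseService instead.

```csharp
// Added example. NuGet packages: Castle.Core, Autofac, Autofac.Extras.DynamicProxy.
// Permission, Purge, Ping and the "permission" claim type are hypothetical names.
using System;
using System.Linq;
using System.Reflection;
using System.Security.Claims;
using Autofac;
using Autofac.Extras.DynamicProxy;
using Castle.DynamicProxy;

public enum Permission { View, Insert, Update, Delete }

[AttributeUsage(AttributeTargets.Method, AllowMultiple = false)]
public sealed class ClaimsPermissionAttribute : Attribute
{
    public ClaimsPermissionAttribute(params Permission[] required) => Required = required;
    public Permission[] Required { get; }
    // false: every listed claim is required; true: any one of them is enough.
    public bool AllowAny { get; set; }
}

public interface IContractService { }   // marker interface for services behind the proxy

public interface ISearchService : IContractService
{
    string DoSearch(string term);
    string Purge(string term);
    string Ping();
}

public class SearchService : ISearchService
{
    [ClaimsPermission(Permission.View)]
    public string DoSearch(string term) => $"results for {term}";

    [ClaimsPermission(Permission.View, Permission.Delete)]   // both claims required
    public string Purge(string term) => $"purged {term}";

    public string Ping() => "pong";   // undecorated on purpose: the interceptor refuses it
}

public class ServiceInterceptor : IInterceptor
{
    private const string ClaimType = "permission";
    private readonly Func<ClaimsPrincipal> _currentUser;

    public ServiceInterceptor(Func<ClaimsPrincipal> currentUser) => _currentUser = currentUser;

    public void Intercept(IInvocation invocation)
    {
        // On an interface proxy, invocation.Method is the interface method. The attribute
        // is on the implementation, so read it from MethodInvocationTarget first.
        MethodInfo method = invocation.MethodInvocationTarget ?? invocation.Method;
        var rule = method.GetCustomAttribute<ClaimsPermissionAttribute>();

        // Fail closed: a method with no (or an empty) ClaimsPermission never runs.
        if (rule == null || rule.Required.Length == 0)
            throw new InvalidOperationException(
                $"{method.DeclaringType?.Name}.{method.Name} has no ClaimsPermission; call refused");

        ClaimsPrincipal user = _currentUser();
        bool Has(Permission p) => user != null && user.HasClaim(ClaimType, p.ToString());
        bool allowed = rule.AllowAny ? rule.Required.Any(Has) : rule.Required.All(Has);
        if (!allowed)
            throw new UnauthorizedAccessException(
                $"{method.Name} requires {(rule.AllowAny ? "any" : "all")} of: " +
                string.Join(", ", rule.Required));

        invocation.Proceed();   // only reached after the claims check passes
    }
}

public static class Program
{
    public static void Main()
    {
        // Constructed sample identity that holds only the View claim.
        var user = new ClaimsPrincipal(new ClaimsIdentity(
            new[] { new Claim("permission", "View") }, "sample"));

        var builder = new ContainerBuilder();
        builder.Register(_ => new ServiceInterceptor(() => user));
        builder.RegisterType<SearchService>().As<ISearchService>()
               .EnableInterfaceInterceptors()
               .InterceptedBy(typeof(ServiceInterceptor));

        using (var container = builder.Build())
        {
            // Resolving the interface returns the generated proxy, not SearchService.
            var search = container.Resolve<ISearchService>();
            Console.WriteLine(search.DoSearch("castle"));

            try { search.Purge("castle"); }    // Delete claim is missing
            catch (UnauthorizedAccessException e) { Console.WriteLine(e.Message); }

            try { search.Ping(); }             // no attribute on the method
            catch (InvalidOperationException e) { Console.WriteLine(e.Message); }
        }
    }
}
```

Only calls that go through the resolved interface are checked; code that constructs `SearchService` directly, or a method on the service that calls another of its own methods, does not pass through the interceptor.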
Method Interception Best Practices
• Use multiple interceptors to address different cross-cutting
concerns
• Use different interface definitions to enable different interceptors
• Use these only for cross-cutting concerns, not one-off items
• Don’t use for any one-off code implementations
• Use method interception to enforce architecture guidelines
• Consider the pros and cons of allowing bypass of an
interceptor depending on its purpose (e.g. for convenience
methods such as parameter validation)
Summary
• Method Interception based on Attributes and Castle Proxy
IInterceptor can provide a uniform way for development teams
to cleanly handle cross-cutting concerns
• Security
• Logging
• Error Handling
• Instrumentation
• Other areas depending on the application
• Teams can check attributes to make sure code is properly
decorated to enforce certain behaviors

More Related Content

What's hot

Connect Bridge - Basic intoduction deck
Connect Bridge - Basic intoduction deckConnect Bridge - Basic intoduction deck
Connect Bridge - Basic intoduction deckGregor Vogrin
 
Reducing External Risk
Reducing External RiskReducing External Risk
Reducing External RiskDonald Belcham
 
Agile software security assurance
Agile software security assuranceAgile software security assurance
Agile software security assuranceOllie Whitehouse
 
Test Strategies in Microservices
Test Strategies in MicroservicesTest Strategies in Microservices
Test Strategies in MicroservicesMesut Özen
 
Security Services and Approach by Nazar Tymoshyk
Security Services and Approach by Nazar TymoshykSecurity Services and Approach by Nazar Tymoshyk
Security Services and Approach by Nazar TymoshykSoftServe
 
Doing Security Testing in Agile with ease
Doing Security Testing in Agile with easeDoing Security Testing in Agile with ease
Doing Security Testing in Agile with easeKarundeep Gill
 
ATAGTR2017 Batch Workload Modelling and Performance Optimization
ATAGTR2017 Batch Workload Modelling and Performance Optimization ATAGTR2017 Batch Workload Modelling and Performance Optimization
ATAGTR2017 Batch Workload Modelling and Performance Optimization Agile Testing Alliance
 
Test Smarter: Efficient Coverage Metrics That Won't Leave You Exposed
Test Smarter: Efficient Coverage Metrics That Won't Leave You ExposedTest Smarter: Efficient Coverage Metrics That Won't Leave You Exposed
Test Smarter: Efficient Coverage Metrics That Won't Leave You ExposedSmartBear
 
Splitting The Check On Compliance and Security
Splitting The Check On Compliance and SecuritySplitting The Check On Compliance and Security
Splitting The Check On Compliance and SecurityNew Relic
 
Continuous Integration as a Way of Life
Continuous Integration as a Way of LifeContinuous Integration as a Way of Life
Continuous Integration as a Way of LifeMelissa Benua
 
ATAGTR2017 Security Testing / IoT Testing in Real World
ATAGTR2017 Security Testing / IoT Testing in Real WorldATAGTR2017 Security Testing / IoT Testing in Real World
ATAGTR2017 Security Testing / IoT Testing in Real WorldAgile Testing Alliance
 
How To Avoid Continuously Delivering Faulty Software
How To Avoid Continuously Delivering Faulty SoftwareHow To Avoid Continuously Delivering Faulty Software
How To Avoid Continuously Delivering Faulty SoftwareErika Barron
 
Monitoring microservice applications: An SRE’s perspective
Monitoring microservice applications: An SRE’s perspectiveMonitoring microservice applications: An SRE’s perspective
Monitoring microservice applications: An SRE’s perspectiveDevOpsProdigy
 
How to Avoid Continuously Delivering Faulty Software
How to Avoid Continuously Delivering Faulty SoftwareHow to Avoid Continuously Delivering Faulty Software
How to Avoid Continuously Delivering Faulty SoftwarePerforce
 
FLIGHT WEST 2018 Presentation - Continuous Monitoring of Open Source Componen...
FLIGHT WEST 2018 Presentation - Continuous Monitoring of Open Source Componen...FLIGHT WEST 2018 Presentation - Continuous Monitoring of Open Source Componen...
FLIGHT WEST 2018 Presentation - Continuous Monitoring of Open Source Componen...Black Duck by Synopsys
 
Role of Test Automation in Modern Software Delivery Pipelines
Role of Test Automation in Modern Software Delivery PipelinesRole of Test Automation in Modern Software Delivery Pipelines
Role of Test Automation in Modern Software Delivery PipelinesKasun Kodagoda
 
Utility of Test Coverage Metrics in TDD
Utility of Test Coverage Metrics in TDDUtility of Test Coverage Metrics in TDD
Utility of Test Coverage Metrics in TDDXP Conference India
 
Continuous integration with Drone.IO
Continuous integration with Drone.IOContinuous integration with Drone.IO
Continuous integration with Drone.IOHoffman Lab
 

What's hot (20)

Connect Bridge - Basic intoduction deck
Connect Bridge - Basic intoduction deckConnect Bridge - Basic intoduction deck
Connect Bridge - Basic intoduction deck
 
Reducing External Risk
Reducing External RiskReducing External Risk
Reducing External Risk
 
Agile software security assurance
Agile software security assuranceAgile software security assurance
Agile software security assurance
 
Test Strategies in Microservices
Test Strategies in MicroservicesTest Strategies in Microservices
Test Strategies in Microservices
 
Security Services and Approach by Nazar Tymoshyk
Security Services and Approach by Nazar TymoshykSecurity Services and Approach by Nazar Tymoshyk
Security Services and Approach by Nazar Tymoshyk
 
Doing Security Testing in Agile with ease
Doing Security Testing in Agile with easeDoing Security Testing in Agile with ease
Doing Security Testing in Agile with ease
 
ATAGTR2017 Batch Workload Modelling and Performance Optimization
ATAGTR2017 Batch Workload Modelling and Performance Optimization ATAGTR2017 Batch Workload Modelling and Performance Optimization
ATAGTR2017 Batch Workload Modelling and Performance Optimization
 
Test Smarter: Efficient Coverage Metrics That Won't Leave You Exposed
Test Smarter: Efficient Coverage Metrics That Won't Leave You ExposedTest Smarter: Efficient Coverage Metrics That Won't Leave You Exposed
Test Smarter: Efficient Coverage Metrics That Won't Leave You Exposed
 
Splitting The Check On Compliance and Security
Splitting The Check On Compliance and SecuritySplitting The Check On Compliance and Security
Splitting The Check On Compliance and Security
 
Continuous Integration as a Way of Life
Continuous Integration as a Way of LifeContinuous Integration as a Way of Life
Continuous Integration as a Way of Life
 
ATAGTR2017 Security Testing / IoT Testing in Real World
ATAGTR2017 Security Testing / IoT Testing in Real WorldATAGTR2017 Security Testing / IoT Testing in Real World
ATAGTR2017 Security Testing / IoT Testing in Real World
 
How To Avoid Continuously Delivering Faulty Software
How To Avoid Continuously Delivering Faulty SoftwareHow To Avoid Continuously Delivering Faulty Software
How To Avoid Continuously Delivering Faulty Software
 
Monitoring microservice applications: An SRE’s perspective
Monitoring microservice applications: An SRE’s perspectiveMonitoring microservice applications: An SRE’s perspective
Monitoring microservice applications: An SRE’s perspective
 
Sast 2021
Sast 2021Sast 2021
Sast 2021
 
How to Avoid Continuously Delivering Faulty Software
How to Avoid Continuously Delivering Faulty SoftwareHow to Avoid Continuously Delivering Faulty Software
How to Avoid Continuously Delivering Faulty Software
 
FLIGHT WEST 2018 Presentation - Continuous Monitoring of Open Source Componen...
FLIGHT WEST 2018 Presentation - Continuous Monitoring of Open Source Componen...FLIGHT WEST 2018 Presentation - Continuous Monitoring of Open Source Componen...
FLIGHT WEST 2018 Presentation - Continuous Monitoring of Open Source Componen...
 
Role of Test Automation in Modern Software Delivery Pipelines
Role of Test Automation in Modern Software Delivery PipelinesRole of Test Automation in Modern Software Delivery Pipelines
Role of Test Automation in Modern Software Delivery Pipelines
 
Software Myths
Software MythsSoftware Myths
Software Myths
 
Utility of Test Coverage Metrics in TDD
Utility of Test Coverage Metrics in TDDUtility of Test Coverage Metrics in TDD
Utility of Test Coverage Metrics in TDD
 
Continuous integration with Drone.IO
Continuous integration with Drone.IOContinuous integration with Drone.IO
Continuous integration with Drone.IO
 

Similar to Architecting C Sharp for Cross Cutting Concerns

How to Get Started with DevSecOps
How to Get Started with DevSecOpsHow to Get Started with DevSecOps
How to Get Started with DevSecOpsCYBRIC
 
End to-End Monitoring for ITSM and DevOps
End to-End Monitoring for ITSM and DevOpsEnd to-End Monitoring for ITSM and DevOps
End to-End Monitoring for ITSM and DevOpseG Innovations
 
Scaling security in a cloud environment v0.5 (Sep 2017)
Scaling security in a cloud environment  v0.5 (Sep 2017)Scaling security in a cloud environment  v0.5 (Sep 2017)
Scaling security in a cloud environment v0.5 (Sep 2017)Dinis Cruz
 
Application Security Testing for Software Engineers: An approach to build sof...
Application Security Testing for Software Engineers: An approach to build sof...Application Security Testing for Software Engineers: An approach to build sof...
Application Security Testing for Software Engineers: An approach to build sof...Michael Hidalgo
 
How Virtual Compilation Transforms Static Code Analysis
How Virtual Compilation Transforms Static Code AnalysisHow Virtual Compilation Transforms Static Code Analysis
How Virtual Compilation Transforms Static Code AnalysisCheckmarx
 
Make synthetic monitoring a critical part of your IT monitoring strategy: Why...
Make synthetic monitoring a critical part of your IT monitoring strategy: Why...Make synthetic monitoring a critical part of your IT monitoring strategy: Why...
Make synthetic monitoring a critical part of your IT monitoring strategy: Why...eG Innovations
 
Zero-bug Software, Mathematically Guaranteed
Zero-bug Software, Mathematically GuaranteedZero-bug Software, Mathematically Guaranteed
Zero-bug Software, Mathematically GuaranteedAshley Zupkus
 
Compliance as Code Everywhere
Compliance as Code EverywhereCompliance as Code Everywhere
Compliance as Code EverywhereMatt Ray
 
React commonest security flaws and remedial measures!
React commonest security flaws and remedial measures!React commonest security flaws and remedial measures!
React commonest security flaws and remedial measures!Shelly Megan
 
Application of Data Mining Techniques for Improving Continuous Integration
Application of Data Mining Techniques for Improving Continuous IntegrationApplication of Data Mining Techniques for Improving Continuous Integration
Application of Data Mining Techniques for Improving Continuous IntegrationDr. Amarjeet Singh
 
Connect Ops and Security with Flexible Web App and API Protection
Connect Ops and Security with Flexible Web App and API ProtectionConnect Ops and Security with Flexible Web App and API Protection
Connect Ops and Security with Flexible Web App and API ProtectionDevOps.com
 
Presentation Verification & Validation
Presentation Verification & ValidationPresentation Verification & Validation
Presentation Verification & ValidationElmar Selbach
 
Start Up Austin 2017: Production Preview - How to Stop Bad Things From Happening
Start Up Austin 2017: Production Preview - How to Stop Bad Things From HappeningStart Up Austin 2017: Production Preview - How to Stop Bad Things From Happening
Start Up Austin 2017: Production Preview - How to Stop Bad Things From HappeningAmazon Web Services
 
Operations: Production Readiness
Operations: Production ReadinessOperations: Production Readiness
Operations: Production ReadinessAmazon Web Services
 
AppSec How-To: Achieving Security in DevOps
AppSec How-To: Achieving Security in DevOpsAppSec How-To: Achieving Security in DevOps
AppSec How-To: Achieving Security in DevOpsCheckmarx
 
Agile Development Ultimate Slides
Agile Development Ultimate SlidesAgile Development Ultimate Slides
Agile Development Ultimate Slidesgilashikwa
 
SPI Dynamics web application security 101
SPI Dynamics web application security 101 SPI Dynamics web application security 101
SPI Dynamics web application security 101 Wade Malone
 

Similar to Architecting C Sharp for Cross Cutting Concerns (20)

1506.08725v1
1506.08725v11506.08725v1
1506.08725v1
 
How to Get Started with DevSecOps
How to Get Started with DevSecOpsHow to Get Started with DevSecOps
How to Get Started with DevSecOps
 
End to-End Monitoring for ITSM and DevOps
End to-End Monitoring for ITSM and DevOpsEnd to-End Monitoring for ITSM and DevOps
End to-End Monitoring for ITSM and DevOps
 
Scaling security in a cloud environment v0.5 (Sep 2017)
Scaling security in a cloud environment  v0.5 (Sep 2017)Scaling security in a cloud environment  v0.5 (Sep 2017)
Scaling security in a cloud environment v0.5 (Sep 2017)
 
Application Security Testing for Software Engineers: An approach to build sof...
Application Security Testing for Software Engineers: An approach to build sof...Application Security Testing for Software Engineers: An approach to build sof...
Application Security Testing for Software Engineers: An approach to build sof...
 
How Virtual Compilation Transforms Static Code Analysis
How Virtual Compilation Transforms Static Code AnalysisHow Virtual Compilation Transforms Static Code Analysis
How Virtual Compilation Transforms Static Code Analysis
 
Make synthetic monitoring a critical part of your IT monitoring strategy: Why...
Make synthetic monitoring a critical part of your IT monitoring strategy: Why...Make synthetic monitoring a critical part of your IT monitoring strategy: Why...
Make synthetic monitoring a critical part of your IT monitoring strategy: Why...
 
Zero-bug Software, Mathematically Guaranteed
Zero-bug Software, Mathematically GuaranteedZero-bug Software, Mathematically Guaranteed
Zero-bug Software, Mathematically Guaranteed
 
Compliance as Code Everywhere
Compliance as Code EverywhereCompliance as Code Everywhere
Compliance as Code Everywhere
 
React commonest security flaws and remedial measures!
React commonest security flaws and remedial measures!React commonest security flaws and remedial measures!
React commonest security flaws and remedial measures!
 
Rewriter_whole
Rewriter_wholeRewriter_whole
Rewriter_whole
 
Application of Data Mining Techniques for Improving Continuous Integration
Application of Data Mining Techniques for Improving Continuous IntegrationApplication of Data Mining Techniques for Improving Continuous Integration
Application of Data Mining Techniques for Improving Continuous Integration
 
Connect Ops and Security with Flexible Web App and API Protection
Connect Ops and Security with Flexible Web App and API ProtectionConnect Ops and Security with Flexible Web App and API Protection
Connect Ops and Security with Flexible Web App and API Protection
 
Resume
ResumeResume
Resume
 
Presentation Verification & Validation
Presentation Verification & ValidationPresentation Verification & Validation
Presentation Verification & Validation
 
Start Up Austin 2017: Production Preview - How to Stop Bad Things From Happening
Start Up Austin 2017: Production Preview - How to Stop Bad Things From HappeningStart Up Austin 2017: Production Preview - How to Stop Bad Things From Happening
Start Up Austin 2017: Production Preview - How to Stop Bad Things From Happening
 
Operations: Production Readiness
Operations: Production ReadinessOperations: Production Readiness
Operations: Production Readiness
 
AppSec How-To: Achieving Security in DevOps
AppSec How-To: Achieving Security in DevOpsAppSec How-To: Achieving Security in DevOps
AppSec How-To: Achieving Security in DevOps
 
Agile Development Ultimate Slides
Agile Development Ultimate SlidesAgile Development Ultimate Slides
Agile Development Ultimate Slides
 
SPI Dynamics web application security 101
SPI Dynamics web application security 101 SPI Dynamics web application security 101
SPI Dynamics web application security 101
 

Recently uploaded

Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machinePadma Pradeep
 
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersThousandEyes
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptxHampshireHUG
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountPuma Security, LLC
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationSafe Software
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking MenDelhi Call girls
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesSinan KOZAK
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking MenDelhi Call girls
 
Pigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions
 
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024BookNet Canada
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)Gabriella Davis
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024Scott Keck-Warren
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 3652toLead Limited
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationRadu Cotescu
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure servicePooja Nehwal
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Allon Mureinik
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonetsnaman860154
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | DelhiFULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhisoniya singh
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slidespraypatel2
 

Recently uploaded (20)

Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machine
 
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen Frames
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
Pigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food Manufacturing
 
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | DelhiFULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slides
 

Architecting C Sharp for Cross Cutting Concerns

  • 1. Inspired Software Solutions. Measurable Results. Architecting C# for Cross-Cutting Concerns Method Interception using Castle Dynamic Proxy Michael Byrne Practice Director https://www.linkedin.com/in/mikebyrne/
  • 2. Inspired Software Solutions. Measurable Results. Application Architecture Challenges • On large projects, we want all developers to follow standard approaches to cross-cutting concerns • Security • Logging • Error Handling • Instrumentation
  • 3. Inspired Software Solutions. Measurable Results. Entropy in Software Systems • Following or inventing new patterns in a large system can result in unintended problems • For security • Leakage of multi-tenant data • Failure to enforce proper security checks • Privilege escalation • Logging • Non-uniform approach • Error Handling • Non-uniform handling • Parameter checks • Lehman’s Second Law - Software entropy drives systems towards more complexity (unless work is done to maintain or reduce it)
  • 4. Inspired Software Solutions. Measurable Results. Architecture Design vs Development • Both Developers and Architects can write code • Developers write code for getting software features built • Architects design and write code which reduces risk by encouraging (and sometimes compelling) following the guidelines of the application architecture, so that unintended consequences can be mitigated or avoided completely
  • 5. Inspired Software Solutions. Measurable Results. Security as a Cross-Cutting Concern • The samples are simplified from real code and projects for illustration • They are NOT meant to be a complete solution.
  • 6. Security in Controller?
      If you see blocks of code like this in your application… You have a problem. You are relying on each member of your development team to properly apply a copy-and-paste security architecture for each function in your application. (Also note the copy-paste errors on line 27 with the controller and method name!) Lots of code, but no business logic is a symptom of a cross-cutting concern.
  • 7. Anti-Pattern: Copy-Paste Coding
      As application complexity increases, the number of places where copy-paste code is applied increases, and as the number of developers performing copy-paste operations increases, the probability of transcription errors increases. Changes must be applied and maintained in an ever-increasing number of locations. See Lehman’s Second Law - Software entropy drives systems towards more complexity (unless work is done to maintain or reduce it)
      • “Comment out security… just until I get everything else working”
      • “I’ll pull and copy Jerry’s work. It looks like what I need.”
      • “I have to get the new API done tonight, I’ll copy this one”
  • 8. Security is a Cross-Cutting Concern
      • It has to be enforced in many areas of the application
      • But we do not want to rewrite it in many places, since that will lead to errors
      • Previous example: lots of code, but no business logic
  • 9. How can we solve cross-cutting problems?
      • Aspect oriented programming
      • Proxy pattern
  • 10. Architecture Diagram
      [Diagram labels: Client; ISearchService DoSearch(); SearchService DoSearch(); Autofac DI; Generate Proxy; IServiceInterceptor; SearchServiceProxy; Custom Interceptor Code]
      Castle Proxy generates a proxy class around each service. Each interceptor in the pipeline is called, eventually calling the proxied object. Results are passed back up the pipeline to the client.
  • 11. Aspect Oriented Programming
      In C# we create a custom attribute so that we can decorate a method to indicate what security claims (View, Insert, Update, Delete) need to be applied. In this case we also supply an AllowAny flag to indicate whether all the claims are required (View and Delete) or any of the claims are required (Insert or Update).
  • 12. Service Interceptor
      Next we add a class implementing the Autofac Castle Dynamic Proxy IInterceptor interface. This class uses reflection to make sure the method we are calling is decorated with a ClaimsPermission. In this case we are using a method on the BaseService to check our security claims authorizations (lines 23-28). This forces all developers to explicitly apply a ClaimsPermission to methods called through the Proxy (lines 31-32).
  • 13. Service Registration
      In our Autofac RegisterServices process, we register all our services with the ServiceInterceptor (here they are all decorated with an IContractService interface) and register the ServiceInterceptor itself with Autofac.
  • 14. Apply to a Service
      All the services inherit from IContractService to support Autofac Dependency Injection registration. On our Search method, security checks can now be implemented using our custom ClaimsPermission attribute, and will be automatically checked and enforced by the ServiceInterceptor.
  • 15. Method Interception Best Practices
      • Use multiple interceptors to address different cross-cutting concerns
      • Use different interface definitions to enable different interceptors
      • Use these only for cross-cutting concerns, not one-off items
      • Don’t use for any one-off code implementations
      • Use method interception to enforce architecture guidelines
      • Consider the pros and cons of allowing bypass of an interceptor depending on its purpose (e.g., for convenience methods such as parameter validation)
  • 16. Summary
      • Method Interception based on Attributes and Castle Proxy IInterceptor can provide a uniform way for development teams to cleanly handle cross-cutting concerns
      • Security
      • Logging
      • Error Handling
      • Instrumentation
      • Other areas depending on the application
      • Teams can check attributes to make sure code is properly decorated to enforce certain behaviors
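
The attribute, interceptor, registration and decorated service described in slides 11 to 14, put together as an added C# example (not the presenter's code). It assumes the NuGet packages Autofac and Autofac.Extras.DynamicProxy; the "permission" claim type and reading the caller from Thread.CurrentPrincipal (rather than a BaseService method) are assumptions made here.

```csharp
using System;
using System.Linq;
using System.Reflection;
using System.Security.Claims;
using System.Threading;
using Autofac;
using Autofac.Extras.DynamicProxy;
using Castle.DynamicProxy;

[AttributeUsage(AttributeTargets.Method)]
public sealed class ClaimsPermissionAttribute : Attribute {
    public string[] Claims { get; }
    public bool AllowAny { get; set; }   // true: any one claim suffices; false: all are required
    public ClaimsPermissionAttribute(params string[] claims) => Claims = claims;
}

public interface IContractService { }    // marker interface for services that get intercepted
public interface ISearchService : IContractService { string DoSearch(string term); }
public class SearchService : ISearchService {
    [ClaimsPermission("View")]
    public string DoSearch(string term) => $"results for {term}";
}

public class ServiceInterceptor : IInterceptor {
    public void Intercept(IInvocation invocation) {
        // With interface proxies the attribute sits on the target class method, not the interface method.
        var method = invocation.MethodInvocationTarget ?? invocation.Method;
        var required = method.GetCustomAttribute<ClaimsPermissionAttribute>();
        if (required == null || required.Claims.Length == 0)   // fail closed on undecorated methods
            throw new UnauthorizedAccessException($"{method.Name} has no ClaimsPermission.");
        var user = Thread.CurrentPrincipal as ClaimsPrincipal;
        bool Has(string c) => user != null && user.HasClaim("permission", c);   // hypothetical claim type
        bool ok = required.AllowAny ? required.Claims.Any(Has) : required.Claims.All(Has);
        if (!ok) throw new UnauthorizedAccessException($"Missing claim for {method.Name}.");
        invocation.Proceed();   // the proxied service runs only after the check passes
    }
}

public static class Program {
    public static void Main() {
        var builder = new ContainerBuilder();
        builder.RegisterType<ServiceInterceptor>();
        builder.RegisterType<SearchService>().As<ISearchService>()
               .EnableInterfaceInterceptors().InterceptedBy(typeof(ServiceInterceptor));
        using var container = builder.Build();
        // Constructed principal standing in for the authenticated caller.
        Thread.CurrentPrincipal = new ClaimsPrincipal(new ClaimsIdentity(
            new[] { new Claim("permission", "View") }, "constructed"));
        Console.WriteLine(container.Resolve<ISearchService>().DoSearch("abc"));
    }
}
```

Removing the `[ClaimsPermission("View")]` line or the "View" claim makes the same call throw UnauthorizedAccessException before SearchService runs. Only calls that go through the proxy are checked, so code that constructs SearchService directly bypasses the interceptor.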