c# - Beginner here: How does my Repository Layer know which user is logged in? -


i know super novice question, i'm having tough time understanding this. i'm implementing websecurity in n-tier application. i've placed websecurity code in repository layer (closest db layer).

i have code this:

public bool login(string username, string password, bool rememberme)     {         return websecurity.login(username, password, rememberme);     }  public void logout()     {         websecurity.logout();     } 

websecurity doesn't need know context logging in - pass parameters. logging out? 10 users logging out, how code right here know user log out? context of user somehow pushed way down repository layer, browser client api controller, through services layer?

your repository layer shouldn't know user logged in. repository layer shouldn't know there is user. of authentication should handled web application - web application then, having authenticated user, accesses repository layer, whatever it's told , doesn't concern authentication.

update: john saunders points out, not tie web application membership database/tables membership system using. if tightly-coupled you, think defining imembershipservice interface, pass controllers' constructors (potentially via dependency injection). create concrete implementation of imembershipservice implements login , logout via websecurity.

this way, if decide want implement membership in different way, restriction replacement membership service must implement imembershipservice - can change technology , data structures entirely , web application none wiser.


Comments

Popular posts from this blog

Why does Ruby on Rails generate add a blank line to the end of a file? -

keyboard - Smiles and long press feature in Android -

node.js - Bad Request - node js ajax post -