A pattern that’s regularly used with FubuMVC is the one model in, one model out pattern. This is also known as OMIOMO and, my personal favorite, the “thunderdome” pattern. It took me a little while to understand why this pattern is in place and seems to be a gotcha when I come back to FubuMVC after an extended period of time. I’m going to write about why I use this pattern, to document it for both others, and my future self.
When it comes to authorization, FubuMVC is very powerful in letting you setup extremely customizable rules for deciding who has access to what. Luckily, Joshua Arnold was able to help me get these rules setup and I’d like to document the process for everyone else.
In this post, I’ll be going over how to write a custom authorization rule to keep users from being able to edit another user’s blog post in a simple blogging application. I’ll do this by plugging into the authorization facilities built into FubuMVC.
If you’re using FubuMVC and your site requires users to login, you’ll probably want to use the built in authentication facilities that FubuMVC provides. In this post, I’ll attempt to explain how this works.
I’m going to write an authentication convention to block access to certain actions from unauthenticated users.