Web Application Web Layer

The Web Layer should be kept fairly thin. Most of the logic should be handled by the Business Layer with the Web Layer concentrating on the Presentation and User Input/Requests.

Authentication
The Web Layer contains our own extension of the FormsAuthentication built into dotnet. We have our own IMhPrincipal which extends System.Security.Principal.IPrincipal in the Core layer.

The LoginController to process requests for login and set the appropriate authentication cookie.

The Application_PostAuthenticateRequest method in Global.asax is called on each request and checks for the presence of the authentication cookie and, if found, will use it to create the MHPrincipal object and assign it to HttpContext.Current.User.

We are able to use the built in [Authorize] / [AllowAnonymous] attributes on Controllers/Actions to define if a user is allowed access to that page and redirect them to the login page if necessary.

We define in the global.asax RegisterGlobalFilters method that every controller has the [Authorize] attribute by default so every Controller/Action will redirect unauthorised users to the Login page unless it has the [AllowAnonymous] attribute.

Dependency Injection/Inversion of Control
The DI to define where the implentation of the Data Repositories/Business Services are is being done by the Castle Winsor IoC container.

There is a call in global.asax Application_Start that tells the dotnet MVC framework to use the WindsorControllerFactory intead of the default when creating an instance of any Controller.

The constructor for each controller takes the Business Services it needs as arguments and stores them as class variables, e.g. private readonly ILoginService _loginService;

public LoginController(ILoginService loginService)

{

_loginService = loginService;

}

When the WindsorControllerFactory creates an instance of this Controller it uses the definition in the ServiceInstaller to know where the implementation of ILoginService is. It can then create a instance of the ILoginService to pass into the Controller's constructor.

In our application the Business Services each take an IUnitOfWorkFactory as an argument so as to give an implementation of the Unit of Work/Data Repositories it needs.

When the WindsorControllerFactory uses the definition in the ServiceInstaller to create an ILoginService to pass into the Controller's constructor it also uses the definition in the UnitOfWorkInstaller to know where the implementation of IUnitOfWorkFactory is that it can use to pass to the ILoginService constructor.

At which point the Windsor container has told the Controller (Web Layer) where the Services are (Business Layer) and the Services (Business Layer) where the Unit of Work/Data Respositories are (Data Layer)