Gist related to my "Secure your web app fluently" at http://marcofranssen.nl
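public class CategoryController
{
    /// <summary>
    /// Renders the "add category" form bound to an empty <see cref="CategoryModel"/>.
    /// </summary>
    /// <returns>The AddNewCategory view.</returns>
    [HttpGet]
    public ActionResult AddNewCategory()
    {
        return View(new CategoryModel());
    }

    /// <summary>
    /// Handles the posted "add category" form.
    /// </summary>
    /// <param name="model">The model bound from the request body; untrusted input.</param>
    /// <returns>
    /// The form again (with validation messages) when the model is invalid,
    /// otherwise a redirect to the GET action.
    /// </returns>
    /// <remarks>
    /// Authorization (SystemAdministrator role) is configured centrally in SecurityBootstrapper,
    /// not on this action. The form that posts here must render the matching token with
    /// @Html.AntiForgeryToken(); requests without it are rejected.
    /// </remarks>
    [HttpPost]
    [ValidateAntiForgeryToken] // state-changing POST: require the anti-forgery token so a cross-site form cannot submit on the user's behalf
    public ActionResult AddNewCategory(CategoryModel model)
    {
        // Re-display the form with its validation errors rather than persisting invalid data.
        if (!ModelState.IsValid)
        {
            return View(model);
        }

        //Save the data etc...

        // Redirect after a successful POST so a browser refresh does not resubmit the form.
        return RedirectToAction("AddNewCategory");
    }

    //Other actions
}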
[TestFixture]
public class FluenSecuritySetupTests
{
    /// <summary>
    /// Boots the real security configuration before each test so the expectations
    /// below are checked against what the application actually ships with.
    /// </summary>
    // NOTE(review): this calls BootStrapper.BootUp() whereas MvcApplication calls
    // SecurityBootstrapper.BootUp(); presumably BootStrapper is a test-side wrapper
    // that also builds the container — confirm.
    [SetUp]
    public void SetUp()
    {
        BootStrapper.BootUp();
    }

    /// <summary>
    /// The log-on action and the home page must be marked with an IgnorePolicy,
    /// i.e. remain reachable without authentication.
    /// </summary>
    [Test]
    public void anonymous_access_should_be_allowed_for_the_logon_and_home_index_actions()
    {
        var verification = SecurityConfiguration.Current.Verify(expect =>
        {
            expect.Expect<UserController>(c => c.LogOn(string.Empty)).Has<IgnorePolicy>();
            expect.Expect<HomeController>(c => c.Index()).Has<IgnorePolicy>();
        });

        Assert.That(verification.Valid(), verification.ErrorMessages());
    }

    /// <summary>
    /// Both AddNewCategory actions (GET and POST) must require the SystemAdministrator role.
    /// </summary>
    [Test]
    public void adding_a_new_catogegory_requires_a_system_administrator_role()
    {
        var requiredPolicy = new RequireRolePolicy(AppRoles.SystemAdministrator);

        var verification = SecurityConfiguration.Current.Verify(expect =>
        {
            expect.Expect<CategoryController>(c => c.AddNewCategory()).Has(new RequireRolePolicy(AppRoles.SystemAdministrator));
            expect.Expect<CategoryController>(c => c.AddNewCategory(null)).Has(requiredPolicy);
        });

        Assert.That(verification.Valid(), verification.ErrorMessages());
    }
}
public class MvcApplication : HttpApplication
{
    /// <summary>
    /// Application-wide Windsor container, created once in <see cref="Application_Start"/>.
    /// </summary>
    public static IWindsorContainer Container { get; private set; }

    /// <summary>
    /// Start-up sequence: security policies, IoC container, then MVC areas, filters and routes.
    /// </summary>
    protected void Application_Start()
    {
        // Security configuration runs before the container exists; the service-resolution
        // delegate it registers is only invoked later, so the order is safe (presumably —
        // SecurityBootstrapper resolves through BootStrapper.Container, not this property).
        SecurityBootstrapper.BootUp();

        var windsor = new WindsorContainer();
        Container = windsor.Install(FromAssembly.This());

        AreaRegistration.RegisterAllAreas();
        RegisterGlobalFilters(GlobalFilters.Filters);
        RegisterRoutes(RouteTable.Routes);
    }

    //Other members left for brevity...
}
public class DenyAnonymousAccessPolicyViolationHandler : IPolicyViolationHandler
{
    /// <summary>
    /// Handles a violation of the deny-anonymous-access policy by answering 401 Unauthorized.
    /// (FluentSecurity presumably matches this handler to the policy by its name — confirm.)
    /// </summary>
    /// <param name="exception">The violation raised by FluentSecurity; its message becomes the status description.</param>
    /// <returns>An <see cref="HttpUnauthorizedResult"/> carrying the violation message.</returns>
    public ActionResult Handle(PolicyViolationException exception)
    {
        //Log the violation, send mail etc. etc.

        // A 401 lets the forms-authentication module turn this into a redirect to the
        // log-on page for anonymous users (typical ASP.NET behaviour, not shown here).
        var statusDescription = exception.Message;
        return new HttpUnauthorizedResult(statusDescription);
    }
}
public class RequireRolePolicyViolationHandler : IPolicyViolationHandler
{
    /// <summary>
    /// Handles a violation of a role-requirement policy by redirecting the (authenticated but
    /// insufficiently privileged) user to Error/HttpForbidden.
    /// </summary>
    /// <param name="exception">The violation raised by FluentSecurity.</param>
    /// <returns>A redirect to the Error controller's HttpForbidden action with the violation message as statusDescription.</returns>
    public ActionResult Handle(PolicyViolationException exception)
    {
        //Log the violation, send mail etc. etc.

        // Empty area so the redirect resolves from the root, whatever area the violation happened in.
        // NOTE(review): statusDescription is not a token of the default MVC route, so it presumably
        // ends up in the query string; the Error view must HTML-encode it before rendering — confirm.
        var routeValues = new RouteValueDictionary
        {
            { "area", "" },
            { "controller", "Error" },
            { "action", "HttpForbidden" },
            { "statusDescription", exception.Message }
        };

        return new RedirectToRouteResult(routeValues);
    }
}
public static class SecurityBootstrapper
{
    /// <summary>
    /// Configures FluentSecurity: deny anonymous access to every controller in the web
    /// assembly by default, then list the explicit exceptions and role requirements.
    /// </summary>
    public static void BootUp()
    {
        SecurityConfigurator.Configure(cfg =>
        {
            // Policy violation handlers and other services are resolved from Windsor.
            // NOTE(review): this reads BootStrapper.Container while MvcApplication exposes
            // MvcApplication.Container — confirm both refer to the same container.
            cfg.ResolveServicesUsing(type => BootStrapper.Container.ResolveAll(type).Cast<object>());

            // Authentication status comes from the current request; roles from the ASP.NET role provider.
            cfg.GetAuthenticationStatusFrom(IsCurrentUserAuthenticated);
            cfg.GetRolesFrom(Roles.GetRolesForUser);

            // Secure by default: every controller in the assembly denies anonymous access
            // unless an explicit rule below overrides it.
            cfg.ForAllControllersInAssembly(typeof(HomeController).Assembly).DenyAnonymousAccess();

            // Anonymous exceptions — keep this list short and reviewed.
            cfg.For<HomeController>(c => c.Index()).Ignore();
            cfg.For<UserController>(c => c.LogOn()).Ignore();

            // Role-restricted actions (both AddNewCategory overloads).
            cfg.For<UserController>(c => c.ResetPassword()).RequireRole(AppRoles.UserAdministrator);
            cfg.For<CategoryController>(c => c.AddNewCategory()).RequireRole(AppRoles.SystemAdministrator);
            cfg.For<CategoryController>(c => c.AddNewCategory(null)).RequireRole(AppRoles.SystemAdministrator);
        });
    }

    // Authentication status as FluentSecurity sees it.
    // NOTE(review): HttpContext.Current (and its User) is null outside a request; if a policy
    // is ever evaluated there this throws — confirm evaluation only happens per request.
    private static bool IsCurrentUserAuthenticated()
    {
        return HttpContext.Current.User.Identity.IsAuthenticated;
    }
}
public static class SecurityBootstrapper
{
    /// <summary>
    /// Entry point for the FluentSecurity configuration, called from Application_Start.
    /// Intentionally empty in this first step of the walkthrough.
    /// </summary>
    public static void BootUp()
    {
        //Here we will configure our security later on...
    }
}
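public class WindsorInstaller : IWindsorInstaller
{
    /// <summary>
    /// Registers every <see cref="IPolicyViolationHandler"/> implementation in this assembly
    /// as a singleton, exposed under the <see cref="IPolicyViolationHandler"/> service.
    /// SecurityBootstrapper hands Container.ResolveAll(type) to FluentSecurity, which is
    /// expected to ask for that interface, so the handlers must be registered under it.
    /// </summary>
    /// <param name="container">The container being populated.</param>
    /// <param name="store">Windsor configuration store (not used by this installer).</param>
    public void Install(IWindsorContainer container, IConfigurationStore store)
    {
        container.Register(
            AllTypes.FromThisAssembly()
                .BasedOn(typeof(IPolicyViolationHandler))
                // Make the service explicit: Windsor's default for BasedOn registrations is the
                // concrete type itself (Self), in which case ResolveAll(typeof(IPolicyViolationHandler))
                // returns nothing and violations would go unhandled.
                .WithService.Base()
                .Configure(h => h.LifeStyle.Singleton));
    }
}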