Adding Authorization to Business Layers

Scott Guthrie has written a great article on adding authorization attributes and security attributes to classes and their methods. The basic design principle behind this pattern is that each class is responsible for making sure it cannot be called unless the calling user has an appropriate security context. Thus, even if the UI has a hole, the class itself checks the permissions and security context of the calling user.

Trick- Adding Authorization Rules to Business and Data Layers using PrincipalPermissionAttribute
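
The pattern described above, as an added example that is not taken from the linked article: a business-layer class that declares its own role and authentication demands with `PrincipalPermissionAttribute`. It assumes the .NET Framework, where the runtime enforces these declarative demands; `PayrollService`, the role names and the sample callers are hypothetical.

```csharp
using System;
using System.Security;
using System.Security.Permissions;
using System.Security.Principal;
using System.Threading;

// Hypothetical business-layer class; names and values are constructed.
public class PayrollService
{
    // Any authenticated caller may read.
    [PrincipalPermission(SecurityAction.Demand, Authenticated = true)]
    public decimal GetSalary(int employeeId) { return 50000m; }

    // Only members of the "Managers" role may write.
    [PrincipalPermission(SecurityAction.Demand, Role = "Managers")]
    public void SetSalary(int employeeId, decimal amount)
    {
        Console.WriteLine("  salary for {0} set to {1}", employeeId, amount);
    }
}

public static class Program
{
    // Runs one call and reports whether the demand on the method let it through.
    static void Try(string label, Action call)
    {
        try { call(); Console.WriteLine("  {0}: allowed", label); }
        catch (SecurityException) { Console.WriteLine("  {0}: denied", label); }
    }

    static void RunAs(string name, params string[] roles)
    {
        // Stand-in for the host setting the principal after authentication.
        // GenericIdentity with an empty name reports IsAuthenticated == false.
        Thread.CurrentPrincipal = new GenericPrincipal(new GenericIdentity(name), roles);
        Console.WriteLine("caller '{0}':", name);
        var svc = new PayrollService();
        Try("GetSalary", () => svc.GetSalary(42));
        Try("SetSalary", () => svc.SetSalary(42, 60000m));
    }

    public static void Main()
    {
        RunAs("alice", "Managers"); // caller in the Managers role
        RunAs("bob", "Staff");      // authenticated, not in Managers
        RunAs("");                  // unauthenticated caller
    }
}
```

The demand is evaluated against `Thread.CurrentPrincipal` when the method is entered, so a failed check raises `SecurityException` before any of the method body runs, regardless of which UI path made the call.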