How do you handle with field/property level security?

When you bind properties to a view how do you handle the properties visibility and edibility for users and ob开发者_开发技巧ject state? I have seen several examples of using an authorized attribute on the poco's property. But this does not seem flexible.

The best that I could come up with was to store this display information in a dictionary the view could reference. Any better solutions out there?

In WPF, there are some options for this that give you a lot more flexibility. You can easily have properties in a ViewModel that correspond to the current visibility/editability of a property or group of properties, and use data binding to set the corresponding visisbility/editability state of the controls bound to the individual properties.

You can also take this a step further, and implement separate views for each "role" in your scenario. This is the most powerful approach, as you can completely customize the UI for a screen based on the user's business role. Instead of having invisible portions of the UI - you just swap out a different UI by putting in a different View. The same business logic can be embedded in the ViewModel and Model layers of the application - all that's required it plugging in the appropriate View.