We are using ASP.NET with a lot of AJAX "Page Method" calls.
The WebServices defined in the Page invoke methods from our BusinessLayer.
To prevent hackers to call the Page M
If you are using SOA, you can create a Security Service, and each action (method) will send its context (UserId, OrderId etc.). The Security Service knows about business security rules.
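A sketch of the Security Service idea from the answer above, as an added example that is not part of the original post. The type names (`ActionContext`, `SecurityService`, `Demo`), the `Order.Read` action name and the order-ownership rule are hypothetical, and the sample data is constructed.

```csharp
using System;
using System.Collections.Generic;
using System.Security;

// Context an action sends to the security service (hypothetical shape).
public sealed class ActionContext
{
    public string Action;
    public int UserId;
    public int OrderId;
}

// Central place for business security rules; an action with no rule is denied.
public sealed class SecurityService
{
    private readonly Dictionary<string, Func<ActionContext, bool>> _rules =
        new Dictionary<string, Func<ActionContext, bool>>();

    public void AddRule(string action, Func<ActionContext, bool> rule) { _rules[action] = rule; }

    public bool IsAllowed(ActionContext ctx)
    {
        Func<ActionContext, bool> rule;
        return _rules.TryGetValue(ctx.Action, out rule) && rule(ctx);
    }

    public void Demand(ActionContext ctx)
    {
        if (!IsAllowed(ctx)) throw new SecurityException("Denied: " + ctx.Action);
    }
}

public static class Demo
{
    // Constructed sample data: order id -> owning user id.
    static readonly Dictionary<int, int> OrderOwner = new Dictionary<int, int> { { 100, 1 }, { 101, 2 } };

    // Stand-in for a page method body. userId must come from the server-side
    // authenticated session, never from a value supplied by the browser.
    static string GetOrder(SecurityService sec, int userId, int orderId)
    {
        sec.Demand(new ActionContext { Action = "Order.Read", UserId = userId, OrderId = orderId });
        return "order " + orderId;
    }

    public static void Main()
    {
        var sec = new SecurityService();
        sec.AddRule("Order.Read", c => { int o; return OrderOwner.TryGetValue(c.OrderId, out o) && o == c.UserId; });
        Console.WriteLine(GetOrder(sec, 1, 100));      // caller owns the order
        try { GetOrder(sec, 1, 101); }                 // order belongs to another user
        catch (SecurityException e) { Console.WriteLine(e.Message); }
    }
}
```

Calling `Demand` as the first statement of every page method keeps the rules in one service, so the business layer is never reached with a context the rules reject.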