We have a lot of services, some that demand some security, some that don't. We want an easy way of telling, in code, if a service will be secure or not.
What would be the better way: Annotation or inheritance?
public class SomeServiceImplementation : BaseSecureService, ISomeService or
[SecureService] public class SomeServiceImplementaion : ISomeService Use annotations
Security is generally considered a cross-cutting concern so an inheritance path is generally unsuitable for this purpose.
As you said marking services. in the question the answer is annotations / attributes.
C# attributes can be placed on entities in your source code to specify additional information.
This seems to fit what you need.
If each entity were required to provide certain functions to participate in the security then it would be best to use an interface.
