authorization for c# winforms applications

S

sklett

I have been doing some initial research for authentication and authorization
options for our next round of apps. I found an article in MSDN magazine
that involved using MS Authorization Manager AKA: AzMan, I'm still looking
into azman. I have also done authentication and authorization with asp.net
in the past, I don't recall the classes that I used, but I think they were
specific to asp.net. I would like to use a SqlServer back end for our user
data. We don't need any AD integration. We basically just need a simple
user/roles system.

I'm curious how some of you have implemented this in the past. I have a
tendency to "roll my own" solution too often and would be interested in
utilizing pre existing classes if they fit our needs.

If you have a basic solution that you have used in the past that worked
well, please share. I'm trying to get all my options out on the table so
that I can make the best decision.

Thanks for reading,
Steve
 
G

Guest

Hi Steve,
if I was you I would look into the Principal and Identity concept inside
the System.Security.Principal namespace. Basically an identity says who this
person is and if they have been authenticated and a principal links an
identity to a collection of roles. There is an IIdentity and IPrincipal
interface plus a couple of concrete implementations of these interfaces that
are in the framework like WindowsPrincipal or a GenericPrincipal.

You can then set the Principal information in the current thread, using the:
System.Threading.Thread.CurrentPrincipal property. This way you can easily
pass round the users identity and role information throughout your
application.

Hope that gives you a starting point.

Mark Dawson
http://www.markdawson.org
 
S

sklett

After further review, AzMan isn't an option as not all of the users of our
system will be in our active directory and it appears that AzMan doesn't
support localized, non windows user accounts. In other words, there is no
"Create new user" option in AzMan.

This is too bad, I really liked the nested approach they use, very
efficient.
 
G

Guest

Hi Steve,
if I was you I would look into the Principal and Identity concept inside
the System.Security.Principal namespace. Basically an identity says who this
person is and if they have been authenticated and a principal links an
identity to a collection of roles. There is an IIdentity and IPrincipal
interface plus a couple of concrete implementations of these interfaces that
are in the framework like WindowsPrincipal or a GenericPrincipal.

You can then set the Principal information in the current thread, using the:
System.Threading.Thread.CurrentPrincipal property. This way you can easily
pass round the users identity and role information throughout your
application.

Hope that gives you a starting point.

Mark Dawson
http://www.markdawson.org
 
S

sklett

Hi Mark,

Thank you for your post! I believe these are the two interfaces that I used
when I developed the asp.net application. It sounds like from what you have
said that I'm not limited to using them with just the WebForms side of
things. I will find some good examples and tutorials and give this a real
look. Thank you again for your post.

Have a good night,
Steve
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Form based authentication fails for .de 1
C# and Memory-mapped files 1
Provide a link to a secure website from a WinForms application 3
Forms Authentication / Role based security 1
asp.net windows authentication 3
Blocking Direct URL Access through web config 1
It is an error to use a section registered as allowDefinition='MachineToApplication' beyond applicat 1
Login page won't redirect to a Register (new account) page 3

Top