Custom Role Based Security

Boris Condarco

Hi gurus,

I was reading some documentation about security in .NET Framework, it
mention that it is possible to make custom Role Based security for example:
check the authentication with Windows Integrated and once do that, create a
Generic Identity in orde to create a Generic Principal with custom roles for
that user. Finally, replace the current Principal to the new Generic
Principal.

Is it possible to do this in an ASP.NET application?, If yes, Does someone
of you can share a little code?, i would really apreciate it... :-)

Thanks in advance.

Boris.

Nov 18 '05 #1

Subscribe Reply

4980

Michel André

Look at
"Designing Application-Managed Authorization"
http://msdn.microsoft.com/library/de...html/damaz.asp
Basically set the HttpContext.Cur rent.User to you own IPrincipal
implementation in Global.asax Application_Aut henticateReques t method.

/Michel

Boris Condarco wrote:

Hi gurus,

I was reading some documentation about security in .NET Framework, it
mention that it is possible to make custom Role Based security for example:
check the authentication with Windows Integrated and once do that, create a
Generic Identity in orde to create a Generic Principal with custom roles for
that user. Finally, replace the current Principal to the new Generic
Principal.

Is it possible to do this in an ASP.NET application?, If yes, Does someone
of you can share a little code?, i would really apreciate it... :-)

Thanks in advance.

Boris.

Nov 18 '05 #2

Tommy

You can definitely perform impersonation in ASP.NET. There are a few
ways to do it. Which approach fits you depends on what level of
security you need.

1. Turn on "Basic authentication" on your virtual directory through
IIS.
Turn on impersonation in your ASP.NET web application through
Web.Config.

2. Use a mix of .NET Framework and Windows API to authenticate the
user's
identity.
Use a mix of .NET Framework and Windows API to check if the user
has
authorization to the resource.

3. Combine "Basic Authentication" , a custom ISAPI filter, and Active
Directory
to authenticate and authorize user's access to resources.

Option #1 requires no code in your part, but it is the least security
approach.

Option #2 requires requires coding with the .NET Framework and Windows
API, but is not too bad. The ASP.NET newsgroup will have plenty of
examples code sample.

Option #3 is the most secure approach among all the options. However,
It requires a lot of coding, especially with the ISAPI filter sinces
it needs to be written in C++.

Tommy,

"Boris Condarco" <bc*******@hotm ail.com> wrote in message news:<O4******* *******@TK2MSFT NGP12.phx.gbl>. ..

Hi gurus,

I was reading some documentation about security in .NET Framework, it
mention that it is possible to make custom Role Based security for example:
check the authentication with Windows Integrated and once do that, create a
Generic Identity in orde to create a Generic Principal with custom roles for
that user. Finally, replace the current Principal to the new Generic
Principal.

Is it possible to do this in an ASP.NET application?, If yes, Does someone
of you can share a little code?, i would really apreciate it... :-)

Thanks in advance.

Boris.

Nov 18 '05 #3

Similar topics

1389

Role Based Security Issue

by: ChrisB | last post by:

Hello: I am a member of a team creating a .NET application, and we seem to have run into an issue when trying to implement role based security. Our application makes use of a fairly common (table based) security model in which privileges are assigned to roles, which are then assigned users. So, for example, the user "JSmith" may be assigned to a "SalesRep" role and as a result have "Add Customer", "View Customer", and "Edit Customer"...

.NET Framework

1174

Custom principles and DnsPermission.Demand()

by: andrew lowe | last post by:

Hi We have windows application and have created our own custom principle & identity objects that implement IPrinciple and IIdentity. When a user logs into our system we set the threads principle to our custom principle object by calling Thread.CurrentPrinciple = blah. This all works great for role based security. BUT lets say i want to run one line of code which causes an imperative security demand: Dns.GetHostName();

C# / C Sharp

3406

debug a custom membership and role provider?

by: Ben R. | last post by:

My website uses a custome membership and role provider. I can use a custom login control and user creation control and can debug my providers while doing so with breakpoints. However, when I launch the asp.net website config tool and go to the security tab, I get a polished screen with the error message: The object refererence is not set to an instance of an object But despite putting breakpoints everywhere in both the roleprovider and...

ASP.NET

1934

Windows Authenticaiton with custom Roles

by: charles | last post by:

Hi, I am trying to port my ASP application to ASP.Net 2.0 My application is sold to large corporations that have many thousands of users. So I do not use Forms authentication. To make it more convenient for them I developed a custom hybrid model of authentication and authorization. You see, the site administrator is often a non-technical person and

ASP.NET

3009

Role-based security for an ASP/ASP.NET mixed environment

by: nugget | last post by:

Role-based security for an ASP/ASP.NET mixed environment Hello: My co-worker and I have been charged with designing role-based security for our intranet. The technologies we have to work with are ASP and ASP.NET. This security design must support *both* technologies. Currently, we have a successful collection of both ASP and ASP.NET applications with an identical look and feel; you'd only know they are different by virtue of an ASP...

ASP / Active Server Pages

2043

AuthenticateToken method not firing in custom X509TokenManager

by: Sid DeLuca | last post by:

I am developing a smart client application that I intend to use role-based authentication using X509 certificates. That is, each client would have a certificate that would uniquely identify them, via mapping of the thumbprint hash on each certificate with a role. I've got my own class that inherits from the X509SecurityTokenManager. When the smart client (Windows App) calls a webmethod, this class is initialized, but the...

.NET Framework

4995

Custom login will not work

by: Jakob Lithner | last post by:

When I started a new ASP project I was eager to use the login facilities offered in Framework 2.0/VS 2005. I wanted: - A custom principal that could hold my integer UserID from the database - An easy way to classify different pages as either Admin, Member or Public, where login is necessary for Admin and Member but not for Public. My idea was to put the pages in different directories to easily keep my order. - An easy menu system that...

ASP.NET

8288

Custom Role Provider give "can't load type error"

by: Alias | last post by:

Hi - I'm trying to implement a custom RoleProvider based on the SqlRoleProvider. I keep receiving a an error that it can't load type 'MyRoleTest.MyRoleProvider' when trying to load my RoleProvider. However this only occurs after deployment. On my local machine it works fine. So I created the most basic role provider project I could think of. It is below: Imports System.Web.Security

ASP.NET

6643

Custom roles based ASP.NET menu

by: =?Utf-8?B?bmVlcmFqYkBub2lkYS5ub3NwYW1oY2x0ZWNoLmNv | last post by:

Hi, I have a question with respect to the security implementation of Menu using sitemap. Normally in the sitemap we can implement role based security but that is based on the Role based functionality provided by ASP.NET. Actually in our site we are using custom roles with our own role management and stuff. So is there a way to hide or show certain elements of the Sitemap in my menu based on the custom roles without using asp.net roles

ASP.NET

9422

Changing the language in Windows 10

by: Hystou | last post by:

Most computers default to English, but sometimes we require a different language, especially when relocating. Forgot to request a specific language before your computer shipped? No problem! You can effortlessly switch the default language on Windows 10 without reinstalling. I'll walk you through it. First, let's disable language synchronization. With a Microsoft account, language settings sync across devices. To prevent any complications,...

Windows Server

10208

Problem With Comparison Operator <=> in G++

by: Oralloy | last post by:

Hello folks, I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>". The problem is that using the GNU compilers, it seems that the internal comparison operator "<=>" tries to promote arguments from unsigned to signed. This is as boiled down as I can make it. Here is my compilation command: g++-12 -std=c++20 -Wnarrowing bit_field.cpp Here is the code in...

C / C++

10038

Maximizing Business Potential: The Nexus of Website Design and Digital Marketing

by: jinu1996 | last post by:

In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven tapestry of website design and digital marketing. It's not merely about having a website; it's about crafting an immersive digital experience that captivates audiences and drives business growth. The Art of Business Website Design Your website is...

Online Marketing

9987

The easy way to turn off automatic updates for Windows 10/11

by: Hystou | last post by:

Overview: Windows 11 and 10 have less user interface control over operating system update behaviour than previous versions of Windows. In Windows 11 and 10, there is no way to turn off the Windows Update option using the Control Panel or Settings app; it automatically checks for updates and installs any it finds, whether you like it or not. For most users, this new feature is actually very convenient. If you want to control the update process,...

Windows Server

6662

Couldn’t get equations in html when convert word .docx file to html file in C#.

by: conductexam | last post by:

I have .net C# application in which I am extracting data from word file and save it in database particularly. To store word all data as it is I am converting the whole word file firstly in HTML and then checking html paragraph one by one. At the time of converting from word file to html my equations which are in the word document file was convert into image. Globals.ThisAddIn.Application.ActiveDocument.Select();...

C# / C Sharp

5294

Trying to create a lan-to-lan vpn between two differents networks

by: TSSRALBI | last post by:

Hello I'm a network technician in training and I need your help. I am currently learning how to create and manage the different types of VPNs and I have a question about LAN-to-LAN VPNs. The last exercise I practiced was to create a LAN-to-LAN VPN between two Pfsense firewalls, by using IPSEC protocols. I succeeded, with both firewalls in the same network. But I'm wondering if it's possible to do the same thing, with 2 Pfsense firewalls...

Networking - Hardware / Configuration

5444

Windows Forms - .Net 8.0

by: adsilva | last post by:

A Windows Forms form does not have the event Unload, like VB6. What one acts like?

Visual Basic .NET

3558

How to add payments to a PHP MySQL app.

by: muto222 | last post by:

How can i add a mobile payment intergratation into php mysql website.

PHP

2812

Comprehensive Guide to Website Development in Toronto: Expert Insights from BSMN Consultancy

by: bsmnconsultancy | last post by:

In today's digital era, a well-designed website is crucial for businesses looking to succeed. Whether you're a small business owner or a large corporation in Toronto, having a strong online presence can significantly impact your brand's success. BSMN Consultancy, a leader in Website Development in Toronto offers valuable insights into creating effective websites that not only look great but also perform exceptionally well. In this comprehensive...

General