
Windows Authentication with custom Roles

Hi,

I am trying to port my ASP application to ASP.Net 2.0

My application is sold to large corporations that have many thousands
of users. So I do not use Forms authentication. To make it more
convenient for them I developed a custom hybrid model of authentication
and authorization.

You see, the site administrator is often a non-technical person and
doesn't have the rights to create Windows Groups or Windows Accounts
or assign Windows Users to Windows Groups.

For this reason, I created a web interface that allows an administrator
to create and edit "Site Roles" (as I call them). All he must do is
associate an existing Windows User Group with the Site Role, and then
decide which security contexts that Site Role may access.

When a user accesses the site, he's authenticated using Windows
Authentication (Integrated). Then in the Session_OnStart event I have
code that determines which Roles that user belongs to and which
Security Contexts that user has permission to. I store these in Session
variables for that user.

If a Windows User is not a member of any Windows Group associated to a
Site Role, they do not get access.

Each page that has security contexts has code that checks the session
variable to make sure that user has access or not to that context. If
not, they are presented with an error message popup after being
redirected to the page they came from (or the default page if no
referrer was found).

What I want to do is build a similar method of authorization in my .Net
application. I know there are many new security features in .Net; I
just haven't learned them all so I can't make an informed decision
as to how to proceed.

Anyone have any suggestions or examples of Windows Authentication but
using custom Role based authorization?

Apr 10 '06 #1
Look through these articles:
http://aspalliance.com/553
http://msdn2.microsoft.com/en-us/lib...66(VS.80).aspx
Patrick


Apr 10 '06 #2
On 9 Apr 2006 23:40:28 -0700, ch*****@charlesforsyth.com wrote:
What I want to do is build a similar method of authorization in my .Net
application. I know there are many new security features in .Net; I
just haven't learned them all so I can't make an informed decision
as to how to proceed.


You may want to look into AuthorizationManager (aka AzMan). It does
basically the same thing you're talking about, without having to write any
code.
Apr 10 '06 #3
Thanks for your replies guys.

I think I have a way to use the Windows user with my own set of custom
Roles. I'm not exactly clear how to implement the idea yet though.

Note that the application is impersonating a domain account so I'm not
using "WindowsIdentity.GetCurrent()" (That would return the
impersonated account name) but instead I'm using "Page.User.Identity"
to get the current logged in user.

Imports System.Security.Principal
Imports System.Threading

Dim myIdentity As WindowsIdentity
Dim myPrincipal As GenericPrincipal 'WindowsPrincipal

Dim UserRoles(1) As String

' Page.User.Identity is typed as IIdentity, so cast it explicitly
myIdentity = CType(Page.User.Identity, WindowsIdentity)

' ...
' This is where I will test to see which Windows User groups
' this user belongs to, then associate "Roles" for the user
' based on those groups
' Each custom "Role" will be a context security such as
' "allow publish"
' ...
UserRoles(0) = "Allow Publish"

' Create the identity and the principal
'myIdentity = New GenericIdentity(txtUserName.Text)
myPrincipal = New GenericPrincipal(myIdentity, UserRoles)

' Assign the context

Thread.CurrentPrincipal = myPrincipal

I'm not sure if this will work, but it's my only idea at this point. If
anyone has any ASP.Net 2.0 examples of the above idea in VB I would be
eternally grateful.

I would like to use the new Navigation controls in Visual Studio 2005,
such as the TreeView, to provide navigation to users. I'm hoping that I
can use these custom roles to prevent some links from being listed on
the navigation controls. I have no idea how to do that either. :(

Apr 11 '06 #4
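
An added example (not code from the thread or from any poster) of the approach discussed above: keep Windows Authentication, map Windows groups to site roles on every request in Global.asax, and replace the request principal so that `User.IsInRole` and role-based authorization rules see the site roles. The group names, role names and the in-memory mapping are constructed placeholders standing in for the administrator-maintained Site Role store.

```vbnet
' Global.asax.vb -- added example, not code from the thread.
Imports System
Imports System.Collections.Generic
Imports System.Security.Principal
Imports System.Threading
Imports System.Web

Public Class Global_asax
    Inherits HttpApplication

    ' Constructed placeholder mapping: Windows group -> site roles.
    ' A real application would load this from the Site Role store.
    Private Shared ReadOnly GroupToSiteRoles As _
        New Dictionary(Of String, String())(StringComparer.OrdinalIgnoreCase)

    Shared Sub New()
        GroupToSiteRoles.Add("EXAMPLE\Editors", New String() {"Allow Publish"})
        GroupToSiteRoles.Add("EXAMPLE\Staff", New String() {"Allow Read"})
    End Sub

    ' Runs on every request after Windows Authentication has set Context.User.
    Protected Sub Application_AuthenticateRequest(ByVal sender As Object, ByVal e As EventArgs)
        Dim winUser As WindowsPrincipal = TryCast(Context.User, WindowsPrincipal)
        If winUser Is Nothing OrElse Not winUser.Identity.IsAuthenticated Then Return

        ' Collect the site roles granted by each mapped group the user is in.
        Dim siteRoles As New List(Of String)
        For Each entry As KeyValuePair(Of String, String()) In GroupToSiteRoles
            If winUser.IsInRole(entry.Key) Then
                For Each role As String In entry.Value
                    If Not siteRoles.Contains(role) Then siteRoles.Add(role)
                Next
            End If
        Next

        ' No mapped group means no site roles: pages and <authorization>
        ' rules that require a role will deny this user.
        Dim sitePrincipal As New GenericPrincipal(winUser.Identity, siteRoles.ToArray())

        ' The identity (DOMAIN\user) is unchanged; only the role set is replaced.
        Context.User = sitePrincipal
        Thread.CurrentPrincipal = sitePrincipal
    End Sub
End Class
```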
