By using this site, you agree to our updated Privacy Policy and our Terms of Use. Manage your Cookies Settings.
444,208 Members | 1,550 Online
Bytes IT Community
+ Ask a Question
Need help? Post your question and get tips & solutions from a community of 444,208 IT Pros & Developers. It's quick & easy.

windows account query question

P: n/a
Hello,

It should be very simple, but I just can not find out how to do it.

I am developing an info share application. The requirement is that everyone
can view the information, but can only change the information belong to him.
We need to use windows domain account to do the authentication.
Can anyone tell me how to do domain account authentication in c#? Is there a
class to do it?

Many Thanks

Jerry

--
hello, please help
Nov 16 '05 #1
Share this Question
Share on Google+
1 Reply


P: n/a
Jerry,

For something like this, I would a ServicedComponent. You can derive a
class from ServicedComponent, and then assign roles to each method on the
class, allowing only certain members of each role to make the call.

To do this, you would start by placing the following attributes on your
assembly:

// Indicate that this should run out of process.
[assembly: ApplicationActivation(ActivationOption.Server)]
// Specify that the types in this assembly (that derive from
ServicedComponent) require access control.
[assembly:ApplicationAccessControl(true,
AccessChecksLevel=AccessChecksLevelOption.Applicat ionComponent,
Authentication=AuthenticationOption.Privacy,
ImpersonationLevel=ImpersonationLevel.Identify)]

The first attribute, ApplicationActivation, indicates that the
components in the application (your ServicedComponents) will run out of
process. This is needed if you are going to authenticate calls on the
class/interface/method level.

The ApplicationAccessControl attribute indicates how access to the types
in the application are handled. true means that you have to authenticate
calls. AccessChecksLevel indicates whether you want to authenticate on the
process level, or for every call. The value of ApplicationComponent means
that every call will be authenticated. ImpersonationLevel indicates what
identity the application should run under. With
ImpersonationLevel.Identify, it will be able to identify (and authenticate)
the caller, but the process will run under the user account that you
specify. Authentication is how you want to protect the messages as they
travel between client and server. The Privacy value is the highest level,
making sure that the contents were encrypted, and not modified.

Then, on the component level, you will have to define the interface for
the component that you want to limit calls on. For each method of the
interface, you would attach the following attribute:

public interface IInterface
{
[SecurityRole("AllowedDoSomethingCallers")]
void DoSomething();
}

Then, you implement this on your class. When the class is registered
with COM+, you will see that there is a role specified in the roles for the
application called AllowedDoSomethingCallers. To this, you can easily add
and remove users and groups (although you should always add groups, and you
can do this through the UI or programatically) to the role. Then, when
someone from outside of that role tries to make a call, an exception is
thrown, denying the call.

For more information, check out the section of the .NET framework
documentation titled "Writing Serviced Components", located at (watch for
line wrap):

http://msdn.microsoft.com/library/de...Components.asp

Most of the information you will need is located there. It's a lot to
take in, and it seems convoluted, but in reality, it handles most of the low
level plumbing for this and other kinds of tasks (like object pooling,
activation, transaction management, among other things), and saves a
tremendous amount of time once you become accustomed to it.

Hope this helps.

--
- Nicholas Paldino [.NET/C# MVP]
- mv*@spam.guard.caspershouse.com
"jerry.xuddd" <je********@discussions.microsoft.com> wrote in message
news:FA**********************************@microsof t.com...
Hello,

It should be very simple, but I just can not find out how to do it.

I am developing an info share application. The requirement is that
everyone
can view the information, but can only change the information belong to
him.
We need to use windows domain account to do the authentication.
Can anyone tell me how to do domain account authentication in c#? Is there
a
class to do it?

Many Thanks

Jerry

--
hello, please help

Nov 16 '05 #2

This discussion thread is closed

Replies have been disabled for this discussion.