471,319 Members | 1,369 Online
Bytes | Software Development & Data Engineering Community
Post +

Home Posts Topics Members FAQ

Join Bytes to post your question to a community of 471,319 software developers and data experts.

authorization for c# winforms applications

I have been doing some initial research for authentication and authorization
options for our next round of apps. I found an article in MSDN magazine
that involved using MS Authorization Manager AKA: AzMan, I'm still looking
into azman. I have also done authentication and authorization with asp.net
in the past, I don't recall the classes that I used, but I think they were
specific to asp.net. I would like to use a SqlServer back end for our user
data. We don't need any AD integration. We basically just need a simple
user/roles system.

I'm curious how some of you have implemented this in the past. I have a
tendency to "roll my own" solution too often and would be interested in
utilizing pre existing classes if they fit our needs.

If you have a basic solution that you have used in the past that worked
well, please share. I'm trying to get all my options out on the table so
that I can make the best decision.

Thanks for reading,
Steve
Feb 8 '06 #1
4 9042
Hi Steve,
if I was you I would look into the Principal and Identity concept inside
the System.Security.Principal namespace. Basically an identity says who this
person is and if they have been authenticated and a principal links an
identity to a collection of roles. There is an IIdentity and IPrincipal
interface plus a couple of concrete implementations of these interfaces that
are in the framework like WindowsPrincipal or a GenericPrincipal.

You can then set the Principal information in the current thread, using the:
System.Threading.Thread.CurrentPrincipal property. This way you can easily
pass round the users identity and role information throughout your
application.

Hope that gives you a starting point.

Mark Dawson
http://www.markdawson.org

"sklett" wrote:
I have been doing some initial research for authentication and authorization
options for our next round of apps. I found an article in MSDN magazine
that involved using MS Authorization Manager AKA: AzMan, I'm still looking
into azman. I have also done authentication and authorization with asp.net
in the past, I don't recall the classes that I used, but I think they were
specific to asp.net. I would like to use a SqlServer back end for our user
data. We don't need any AD integration. We basically just need a simple
user/roles system.

I'm curious how some of you have implemented this in the past. I have a
tendency to "roll my own" solution too often and would be interested in
utilizing pre existing classes if they fit our needs.

If you have a basic solution that you have used in the past that worked
well, please share. I'm trying to get all my options out on the table so
that I can make the best decision.

Thanks for reading,
Steve

Feb 8 '06 #2
After further review, AzMan isn't an option as not all of the users of our
system will be in our active directory and it appears that AzMan doesn't
support localized, non windows user accounts. In other words, there is no
"Create new user" option in AzMan.

This is too bad, I really liked the nested approach they use, very
efficient.
"sklett" <as**@fkd.com> wrote in message
news:eC**************@TK2MSFTNGP09.phx.gbl...
I have been doing some initial research for authentication and
authorization options for our next round of apps. I found an article in
MSDN magazine that involved using MS Authorization Manager AKA: AzMan, I'm
still looking into azman. I have also done authentication and
authorization with asp.net in the past, I don't recall the classes that I
used, but I think they were specific to asp.net. I would like to use a
SqlServer back end for our user data. We don't need any AD integration.
We basically just need a simple user/roles system.

I'm curious how some of you have implemented this in the past. I have a
tendency to "roll my own" solution too often and would be interested in
utilizing pre existing classes if they fit our needs.

If you have a basic solution that you have used in the past that worked
well, please share. I'm trying to get all my options out on the table so
that I can make the best decision.

Thanks for reading,
Steve

Feb 8 '06 #3
Hi Steve,
if I was you I would look into the Principal and Identity concept inside
the System.Security.Principal namespace. Basically an identity says who this
person is and if they have been authenticated and a principal links an
identity to a collection of roles. There is an IIdentity and IPrincipal
interface plus a couple of concrete implementations of these interfaces that
are in the framework like WindowsPrincipal or a GenericPrincipal.

You can then set the Principal information in the current thread, using the:
System.Threading.Thread.CurrentPrincipal property. This way you can easily
pass round the users identity and role information throughout your
application.

Hope that gives you a starting point.

Mark Dawson
http://www.markdawson.org

"sklett" wrote:
I have been doing some initial research for authentication and authorization
options for our next round of apps. I found an article in MSDN magazine
that involved using MS Authorization Manager AKA: AzMan, I'm still looking
into azman. I have also done authentication and authorization with asp.net
in the past, I don't recall the classes that I used, but I think they were
specific to asp.net. I would like to use a SqlServer back end for our user
data. We don't need any AD integration. We basically just need a simple
user/roles system.

I'm curious how some of you have implemented this in the past. I have a
tendency to "roll my own" solution too often and would be interested in
utilizing pre existing classes if they fit our needs.

If you have a basic solution that you have used in the past that worked
well, please share. I'm trying to get all my options out on the table so
that I can make the best decision.

Thanks for reading,
Steve

Feb 8 '06 #4
Hi Mark,

Thank you for your post! I believe these are the two interfaces that I used
when I developed the asp.net application. It sounds like from what you have
said that I'm not limited to using them with just the WebForms side of
things. I will find some good examples and tutorials and give this a real
look. Thank you again for your post.

Have a good night,
Steve
"Mark R. Dawson" <Ma*********@discussions.microsoft.com> wrote in message
news:68**********************************@microsof t.com...
Hi Steve,
if I was you I would look into the Principal and Identity concept inside
the System.Security.Principal namespace. Basically an identity says who
this
person is and if they have been authenticated and a principal links an
identity to a collection of roles. There is an IIdentity and IPrincipal
interface plus a couple of concrete implementations of these interfaces
that
are in the framework like WindowsPrincipal or a GenericPrincipal.

You can then set the Principal information in the current thread, using
the:
System.Threading.Thread.CurrentPrincipal property. This way you can
easily
pass round the users identity and role information throughout your
application.

Hope that gives you a starting point.

Mark Dawson
http://www.markdawson.org

"sklett" wrote:
I have been doing some initial research for authentication and
authorization
options for our next round of apps. I found an article in MSDN magazine
that involved using MS Authorization Manager AKA: AzMan, I'm still
looking
into azman. I have also done authentication and authorization with
asp.net
in the past, I don't recall the classes that I used, but I think they
were
specific to asp.net. I would like to use a SqlServer back end for our
user
data. We don't need any AD integration. We basically just need a simple
user/roles system.

I'm curious how some of you have implemented this in the past. I have a
tendency to "roll my own" solution too often and would be interested in
utilizing pre existing classes if they fit our needs.

If you have a basic solution that you have used in the past that worked
well, please share. I'm trying to get all my options out on the table so
that I can make the best decision.

Thanks for reading,
Steve

Feb 8 '06 #5

This discussion thread is closed

Replies have been disabled for this discussion.

Similar topics

2 posts views Thread by Empire City | last post: by
reply views Thread by Shamil Salakhetdinov | last post: by
4 posts views Thread by 3Cooks | last post: by
1 post views Thread by gilly3 | last post: by
5 posts views Thread by brian.wilson4 | last post: by
10 posts views Thread by Jules Winfield | last post: by
23 posts views Thread by raylopez99 | last post: by

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.