471,618 Members | 1,070 Online
Bytes | Software Development & Data Engineering Community
Post +

Home Posts Topics Members FAQ

Join Bytes to post your question to a community of 471,618 software developers and data experts.

User Login & Application Security

Hi, need some info on implementing a multiuser winforms application,
specifically managing user logins and user preferences & access rights. Are
there any frameworks out there for this. I don't want to use windows
identity system. Any pointers would be appreciated.
Feb 16 '06 #1
2 2353
For simple preferences you could use a combination of

Application.UserAppDataPath
..UserAppDataRegistry
..CommonAppDataPath
..CommonAppDataRegistry

Not sure how to do it off the top of my head, but I'm sure if you just
needed to check for admin rights to the computer you could make a quick
check to the current identity.

Are you looking for something complex like LDAP or just authentication
against a database? If you just need to authenticate the one
application (i.e. one computer, one set of security settings), you
could imbed SQLite and create a small security/preference system that
gets installed with the application. http://www.sqlite.org/. For the
..net ADO wrapper go to http://adodotnetsqlite.sourceforge.net/. The
SQLite documentation has a link for a wrapper that works with .net 2.0

If your not going to tie things down using microsoft security I'd
suggest just creating your own classes and using a hash to protect the
password. Encode the password as an MD5 hash in the database. When the
user types the password, just MD5 the string and send the MD5 for
comparison. This is totally breakable but at least protects the
password from being read by a human. In the case of SQLite everything
is executed in the current security so nobody could sniff the
communicaitons. A simple class library with groups, users and
permissions is pretty easy to implement.

Not sure why you don't want to use Identities? I linked ASP.Net forms
to a GenericIdentity and created a data access layer for authentication
against a database. Was able to swap out Sybase SQL Anywhere for SQL
Server relatively painlessly.

Cheers
Russ

Feb 16 '06 #2
Thanks..good advice, will check it out....
<ru********@gmail.com> wrote in message
news:11**********************@o13g2000cwo.googlegr oups.com...
For simple preferences you could use a combination of

Application.UserAppDataPath
.UserAppDataRegistry
.CommonAppDataPath
.CommonAppDataRegistry

Not sure how to do it off the top of my head, but I'm sure if you just
needed to check for admin rights to the computer you could make a quick
check to the current identity.

Are you looking for something complex like LDAP or just authentication
against a database? If you just need to authenticate the one
application (i.e. one computer, one set of security settings), you
could imbed SQLite and create a small security/preference system that
gets installed with the application. http://www.sqlite.org/. For the
.net ADO wrapper go to http://adodotnetsqlite.sourceforge.net/. The
SQLite documentation has a link for a wrapper that works with .net 2.0

If your not going to tie things down using microsoft security I'd
suggest just creating your own classes and using a hash to protect the
password. Encode the password as an MD5 hash in the database. When the
user types the password, just MD5 the string and send the MD5 for
comparison. This is totally breakable but at least protects the
password from being read by a human. In the case of SQLite everything
is executed in the current security so nobody could sniff the
communicaitons. A simple class library with groups, users and
permissions is pretty easy to implement.

Not sure why you don't want to use Identities? I linked ASP.Net forms
to a GenericIdentity and created a data access layer for authentication
against a database. Was able to swap out Sybase SQL Anywhere for SQL
Server relatively painlessly.

Cheers
Russ

Feb 17 '06 #3

This discussion thread is closed

Replies have been disabled for this discussion.

Similar topics

3 posts views Thread by Ben Binskin | last post: by
5 posts views Thread by Matthew Louden | last post: by
1 post views Thread by Grey | last post: by
19 posts views Thread by Siobhan | last post: by
6 posts views Thread by Andrew Chalk | last post: by
4 posts views Thread by =?Utf-8?B?QXZhRGV2?= | last post: by
4 posts views Thread by Brett | last post: by
reply views Thread by leo001 | last post: by
1 post views Thread by ZEDKYRIE | last post: by

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.