Implementing SSO for Smart Client Application which uses Web Servi

We are building a smart client application (.NET 2.0) which uses Web Services
to access the business objects.

Services: The Web Services have been secured by brokered authentication
using an X509 certificate along with message level security. (Right now the web
services are consumed only by the smart client application in an intranet
environment. However, a few services would be exposed as enterprise services in
future. Such services can be consumed by other consumers – Intranet and
Internet)

Client: The Smart Client application is secured by custom authentication and
authorization provider model. The smart client application by itself has a
logon screen. The supported data stores for user management are RDBMS (SQL,
Oracle and Sybase) and Active Directory. In any case the ROLE and ACCESS
RIGHTS are stored only in the RDBMS. In case of Active Directory, we
logically map the AD role to RDBMS Role and accomplish the authorization
requirements. (Role “A” in AD is Role “A” in RDBMS)

Here is the run time process flow when the user data store is configured to
use AD:

1. User Logs on
2. System authenticates the user against LDAP data store
3. System authorizes the user against the application role which logically
maps to the LDAP role
4. User is successfully authorized and the flow Ends

Following is the process flow when the data store is configured to use RDBMS:

1. User Logs on
2. System authenticates the user against RDBMS data store
3. System authorizes the user against the application role that he/she
belongs to
4. User is successfully authorized and the flow Ends

Requirement:

The requirement is to implement SSO for the smart client application if the
user data store is configured to use Active Directory. In this scenario, the
smart client application should simply use the workstation credentials and
should not prompt the logon screen.

Questions:

How to implement SSO for the smart client when the user data store is
configured to use AD? Please note the AD role logically maps to the RDBMS Role
and uses the access rights for the Role stored in RDBMS.

How to map the roles/access rights which are stored in RDBMS to implement
authorization?

Thanks in advance!

Umar

Oct 10 '06 #1
The easiest way to handle both cases is to use the GenericIdentity and
GenericPrincipal classes so that you can programmatically determine the
user's roles at run-time based on the location of the roles (DB vs. AD).

Bryan Phillips
MCSD, MCDBA, MCSE
Blog: http://bphillips76.spaces.live.com


"Rasheed" <Ra*****@discussions.microsoft.com> wrote in message
news:03**********************************@microsoft.com:
Oct 18 '06 #2
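
A sketch of the approach suggested in the reply, as an added example that is not code from either poster: the AD path takes the identity from the workstation logon token (no logon screen), the RDBMS path keeps the existing logon screen, and both end in a GenericPrincipal. The class name `SsoLogon`, its method names and the in-memory `RdbmsRoles` table are hypothetical; a real provider would read the roles from the database.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Principal;
using System.Threading;

static class SsoLogon
{
    // Hypothetical stand-in for the RDBMS role table (constructed sample data).
    // Case-insensitive, because AD group names are not case-sensitive.
    static readonly Dictionary<string, bool> RdbmsRoles = BuildRoles("A", "Clerk");

    static Dictionary<string, bool> BuildRoles(params string[] names)
    {
        Dictionary<string, bool> d = new Dictionary<string, bool>(StringComparer.OrdinalIgnoreCase);
        foreach (string n in names) d[n] = true;
        return d;
    }

    // AD path: the Windows logon token is the identity, so nothing is prompted.
    public static IPrincipal FromWorkstation()
    {
        WindowsIdentity win = WindowsIdentity.GetCurrent();
        if (!win.IsAuthenticated || win.IsAnonymous || win.IsGuest)
            throw new UnauthorizedAccessException("No authenticated Windows logon.");

        List<string> roles = new List<string>();
        foreach (IdentityReference sid in win.Groups)
        {
            string account;
            try { account = sid.Translate(typeof(NTAccount)).Value; }
            catch (IdentityNotMappedException) { continue; } // SID with no name; skip
            // "DOMAIN\A" -> "A"; keep only groups that exist as RDBMS roles.
            string group = account.Substring(account.LastIndexOf('\\') + 1);
            if (RdbmsRoles.ContainsKey(group)) roles.Add(group);
        }
        return new GenericPrincipal(new GenericIdentity(win.Name, "Windows"), roles.ToArray());
    }

    // RDBMS path: call only after the existing logon screen has validated the user.
    public static IPrincipal FromDatabase(string userName, string[] rolesFromDb)
    {
        return new GenericPrincipal(new GenericIdentity(userName, "Custom"), rolesFromDb);
    }

    static void Main()
    {
        Thread.CurrentPrincipal = FromWorkstation();
        Console.WriteLine(Thread.CurrentPrincipal.Identity.Name);
        Console.WriteLine(Thread.CurrentPrincipal.IsInRole("A")); // same check for both stores
    }
}
```

Matching on the short group name ignores the domain part, so in a multi-domain environment compare the full `DOMAIN\group` value instead. Access rights stay in the RDBMS and are looked up by the role names carried on the principal.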
