We are building a smart client application (.NET 2.0) which uses Web Services to access the business objects.
Services: The Web Services have been secured by brokered authentication using an X509 certificate along with message-level security. (Right now the web services are consumed only by the smart client application in an intranet environment. However, a few services would be exposed as enterprise services in future. Such services can be consumed by other consumers – Intranet and Internet.)
Client: The Smart Client application is secured by a custom authentication and authorization provider model. The smart client application by itself has a logon screen. The supported data stores for user management are RDBMS (SQL, Oracle and Sybase) and Active Directory. In any case, the ROLE and ACCESS RIGHTS are stored only in the RDBMS. In the case of Active Directory, we logically map the AD role to the RDBMS role and accomplish the authorization requirements. (Role “A” in AD is Role “A” in RDBMS.)
Here is the run time process flow when the user data store is configured to use AD:
1. User logs on
2. System authenticates the user against the LDAP data store
3. System authorizes the user against the application role which logically maps to the LDAP role
4. User is successfully authorized and the flow ends
Following is the process flow when the data store is configured to use RDBMS:
1. User logs on
2. System authenticates the user against the RDBMS data store
3. System authorizes the user against the application role that he/she belongs to
4. User is successfully authorized and the flow ends
Requirement:
The requirement is to implement SSO for the smart client application if the user data store is configured to use Active Directory. In this scenario, the smart client application should simply use the workstation credentials and should not show the logon screen.
Questions:
How to implement SSO for the smart client when the user data store is configured to use AD? Please note the AD role logically maps to the RDBMS role and uses the access rights for that role stored in the RDBMS.
How to map the roles/access rights which are stored in the RDBMS to implement authorization?
Thanks in advance!
Umar
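The following is an added C# (.NET 2.0 style, no LINQ) example illustrating both questions in the post; it is not code from the original post or from the poster's application. It obtains the interactive Windows logon with WindowsIdentity.GetCurrent() instead of showing a logon screen, translates the user's group SIDs to account names, maps only the groups that appear in an explicit allow-list to application roles, loads the access rights for those roles, and installs the result as the thread principal so later authorization checks can ask for a specific access right. The IRoleStore interface, the InMemoryRoleStore with its constructed sample data (the CONTOSO\A and CONTOSO\B groups, the Order.* rights), and the AppPrincipal class are hypothetical names introduced for this example; the in-memory store stands in for parameterized queries against the RDBMS role and access-right tables.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Principal;
using System.Threading;

// Hypothetical abstraction over the RDBMS role tables. In production the two lookups
// are parameterized queries; the in-memory implementation below uses constructed
// sample data so that the example runs without a database.
public interface IRoleStore
{
    string MapGroupToRole(string adGroupName);   // AD group -> application role, or null
    IList<string> GetAccessRights(string role);  // application role -> access rights
}

public class InMemoryRoleStore : IRoleStore
{
    private readonly Dictionary<string, string> groupToRole =
        new Dictionary<string, string>(StringComparer.OrdinalIgnoreCase);
    private readonly Dictionary<string, List<string>> roleRights =
        new Dictionary<string, List<string>>(StringComparer.OrdinalIgnoreCase);

    public InMemoryRoleStore()
    {
        // Constructed sample: group "A" in AD is role "A" in the RDBMS, as the post describes.
        // Only groups listed here are honoured; any other group the user belongs to is ignored.
        groupToRole[@"CONTOSO\A"] = "A";
        groupToRole[@"CONTOSO\B"] = "B";
        roleRights["A"] = new List<string>(new string[] { "Order.Read", "Order.Create" });
        roleRights["B"] = new List<string>(new string[] { "Order.Read" });
    }

    public string MapGroupToRole(string adGroupName)
    {
        string role;
        return groupToRole.TryGetValue(adGroupName, out role) ? role : null;
    }

    public IList<string> GetAccessRights(string role)
    {
        List<string> rights;
        return roleRights.TryGetValue(role, out rights) ? rights : new List<string>();
    }
}

// Application principal carrying the mapped roles and the access rights loaded for them.
public class AppPrincipal : IPrincipal
{
    private readonly IIdentity identity;
    private readonly List<string> roles;
    private readonly List<string> rights;

    public AppPrincipal(IIdentity identity, List<string> roles, List<string> rights)
    {
        this.identity = identity; this.roles = roles; this.rights = rights;
    }
    public IIdentity Identity { get { return identity; } }
    public IList<string> Roles { get { return roles.AsReadOnly(); } }
    public bool IsInRole(string role) { return roles.Contains(role); }
    public bool HasAccessRight(string right) { return rights.Contains(right); }
}

public static class SsoLogon
{
    // Uses the credentials of the interactive workstation logon; no logon screen is shown.
    public static AppPrincipal LogonWithWorkstationCredentials(IRoleStore store)
    {
        WindowsIdentity identity = WindowsIdentity.GetCurrent();
        if (identity == null || !identity.IsAuthenticated || identity.IsAnonymous)
            throw new UnauthorizedAccessException("No authenticated Windows logon available.");

        List<string> roles = new List<string>();
        List<string> rights = new List<string>();
        foreach (IdentityReference group in identity.Groups)
        {
            string groupName;
            try { groupName = group.Translate(typeof(NTAccount)).Value; }
            catch (IdentityNotMappedException) { continue; } // orphaned SID: cannot be a mapped group

            string role = store.MapGroupToRole(groupName);
            if (role == null || roles.Contains(role)) continue;
            roles.Add(role);
            foreach (string right in store.GetAccessRights(role))
                if (!rights.Contains(right)) rights.Add(right);
        }
        return new AppPrincipal(identity, roles, rights);
    }

    public static void Main()
    {
        AppPrincipal principal = LogonWithWorkstationCredentials(new InMemoryRoleStore());
        Thread.CurrentPrincipal = principal;   // later authorization checks read it from here
        Console.WriteLine("Logged on as {0}; mapped roles: {1}",
            principal.Identity.Name, string.Join(", ", new List<string>(principal.Roles).ToArray()));
        Console.WriteLine("Order.Create allowed: {0}", principal.HasAccessRight("Order.Create"));
    }
}
```

Two design points worth noting: the group-to-role table is an allow-list, so the user's other domain groups never become application roles, and a group that no longer resolves is skipped rather than treated as a role. Keying the table on group SIDs instead of display names would survive a group rename; the example uses names only because the post describes the mapping by name. The web-service calls themselves are unaffected, since the brokered X509 authentication at the service boundary is separate from how the client establishes the user's identity.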