
Implementing SSO for Smart Client Application which uses Web Servi

We are building a smart client application (.NET 2.0) which uses Web Services
to access the business objects.

Services: The Web Services have been secured by brokered authentication
using X509 certificate along with message level security. (Right now the web
services are consumed only by the smart client application in intranet
environment. However, few services would be exposed as enterprise services in
future. Such services can be consumed by other consumers – Intranet and
Internet)

Client: The Smart Client application is secured by custom authentication and
authorization provider model. The smart client application by itself has a
logon screen. The supported data stores for user management are RDBMS (SQL,
Oracle and Sybase) and Active Directory. In any case the ROLE and ACCESS
RIGHTS are stored only in the RDBMS. In case of Active Directory, we
logically map the AD role to RDBMS Role and accomplish the authorization
requirements. (Role “A” in AD is Role “A” in RDBMS)

Here is the run time process flow when the user data store is configured to
use AD:

1. User Logs on
2. System authenticates the user against LDAP data store
3. System authorizes the user against the application role which logically
maps to the LDAP role
4. User is successfully authorized and the flow Ends

Following is the process flow when the data store is configured to use RDBMS:

1. User Logs on
2. System authenticates the user against RDBMS data store
3. System authorizes the user against the application role that he/she
belongs to
4. User is successfully authorized and the flow Ends

Requirement:

The requirement is to implement SSO for the smart client application if the
user data store is configured to use Active Directory. In this scenario, the
smart client application should simply use the workstation credentials and
should not prompt the logon screen.

Questions:

How to implement SSO for the smart client when the user data store is
configured to use AD? Please note the AD role logically maps the RDBMS Role
and uses the access rights for the Role stored in RDBMS.

How to map the roles/access rights which are stored in RDBMS to implement
authorization?

Thanks in advance!

Umar

Oct 10 '06 #1
The easiest way to handle both cases is to use the GenericIdentity and
GenericPrincipal classes so that you can programmatically determine the
user's roles at run-time based on the location of the roles (DB vs. AD).

Bryan Phillips
MCSD, MCDBA, MCSE
Blog: http://bphillips76.spaces.live.com


Oct 18 '06 #2
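
One way to apply the GenericIdentity/GenericPrincipal suggestion from the reply above to the Active Directory case, added here as an example and not code from either poster: the workstation logon is taken from `WindowsIdentity`, and only AD groups whose names match a role defined in the RDBMS become application roles. `IRoleStore`, `trustedDomain` and the `"Windows-SSO"` label are assumptions made for the sketch, which sticks to .NET 2.0 APIs.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Principal;
using System.Threading;

// Hypothetical abstraction over the RDBMS that holds roles and access rights.
public interface IRoleStore
{
    ICollection<string> GetDefinedRoles(); // application role names defined in the RDBMS
}

public static class SsoLogon
{
    // trustedDomain: NetBIOS name of the AD domain whose groups may map to roles (assumption).
    public static IPrincipal CreatePrincipal(IRoleStore store, string trustedDomain)
    {
        WindowsIdentity win = WindowsIdentity.GetCurrent();
        if (win == null || !win.IsAuthenticated || win.IsGuest || win.IsAnonymous)
            throw new UnauthorizedAccessException("No authenticated Windows logon; show the logon screen.");

        ICollection<string> defined = store.GetDefinedRoles();
        List<string> roles = new List<string>();
        string prefix = trustedDomain + "\\";

        foreach (IdentityReference sid in win.Groups)
        {
            string account;
            try { account = sid.Translate(typeof(NTAccount)).Value; }
            catch (IdentityNotMappedException) { continue; } // SID that cannot be resolved

            // Only groups from the trusted domain count: a local or BUILTIN group
            // that happens to share a role name must not grant that role.
            if (!account.StartsWith(prefix, StringComparison.OrdinalIgnoreCase)) continue;

            string group = account.Substring(prefix.Length);
            foreach (string role in defined)
                if (string.Equals(role, group, StringComparison.OrdinalIgnoreCase) && !roles.Contains(role))
                    roles.Add(role);
        }

        // Generic* classes carry the RDBMS role names instead of raw Windows groups.
        GenericIdentity id = new GenericIdentity(win.Name, "Windows-SSO");
        GenericPrincipal principal = new GenericPrincipal(id, roles.ToArray());
        Thread.CurrentPrincipal = principal; // IsInRole() now answers in application roles
        return principal;
    }
}
```

The RDBMS-configured path can build the same `GenericPrincipal` after the logon screen validates the user, so authorization code calls `IsInRole` the same way in both cases.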
