
Implementing SSO for Smart Client Application which uses Web Servi

We are building a smart client application (.NET 2.0) which uses Web Services
to access the business objects.

Services: The Web Services have been secured by brokered authentication
using an X509 certificate along with message-level security. (Right now the web
services are consumed only by the smart client application in an intranet
environment. However, a few services would be exposed as enterprise services in
the future. Such services can be consumed by other consumers – Intranet and
Internet.)

Client: The Smart Client application is secured by a custom authentication and
authorization provider model. The smart client application by itself has a
logon screen. The supported data stores for user management are RDBMS (SQL,
Oracle and Sybase) and Active Directory. In any case the ROLE and ACCESS
RIGHTS are stored only in the RDBMS. In the case of Active Directory, we
logically map the AD role to the RDBMS Role and accomplish the authorization
requirements. (Role “A” in AD is Role “A” in RDBMS)

Here is the run time process flow when the user data store is configured to
use AD:

1. User Logs on
2. System authenticates the user against LDAP data store
3. System authorizes the user against the application role which logically
maps to the LDAP role
4. User is successfully authorized and the flow Ends

Following is the process flow when the data store is configured to use RDBMS:

1. User Logs on
2. System authenticates the user against RDBMS data store
3. System authorizes the user against the application role that he/she
belongs to
4. User is successfully authorized and the flow Ends

Requirement:

The requirement is to implement SSO for the smart client application if the
user data store is configured to use Active Directory. In this scenario, the
smart client application should simply use the workstation credentials and
should not prompt the logon screen.

Questions:

How to implement SSO for the smart client when the user data store is
configured to use AD? Please note the AD role logically maps the RDBMS Role
and uses the access rights for the Role stored in RDBMS.

How to map the roles/access rights which are stored in RDBMS to implement
authorization?

Thanks in advance!

Umar

Oct 10 '06 #1
1 Reply


The easiest way to handle both cases is to use the GenericIdentity and
GenericPrincipal classes so that you can programmatically determine the
user's roles at run-time based on the location of the roles (DB vs. AD).

Bryan Phillips
MCSD, MCDBA, MCSE
Blog: http://bphillips76.spaces.live.com


Oct 18 '06 #2
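
A sketch of the approach suggested in the reply, added here as an example and not code from either poster: the workstation logon is read with `WindowsIdentity.GetCurrent()`, its AD groups are matched against the roles held in the RDBMS, and the result is wrapped in a `GenericPrincipal`. `IRoleStore`, `InMemoryRoleStore`, `SsoLogon` and the `"WindowsSSO"` label are hypothetical names; the in-memory store is a constructed stand-in for the database lookup.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Principal;
using System.Threading;

// Hypothetical abstraction over the RDBMS role table (not from the original post).
public interface IRoleStore { bool RoleExists(string roleName); }

// Constructed stand-in for the RDBMS lookup so the example runs without a database.
public class InMemoryRoleStore : IRoleStore
{
    private readonly List<string> roles = new List<string>(new string[] { "A" });
    public bool RoleExists(string name) { return roles.Contains(name); }
}

public static class SsoLogon
{
    // Builds the application principal from the workstation logon. Returns null
    // when SSO cannot be used and the caller should show the logon screen instead.
    public static GenericPrincipal TryCreatePrincipal(IRoleStore store)
    {
        WindowsIdentity win = WindowsIdentity.GetCurrent();
        if (win == null || !win.IsAuthenticated || win.IsAnonymous || win.IsGuest)
            return null;
        List<string> found = new List<string>();
        foreach (IdentityReference sid in win.Groups)
        {
            string account;
            try { account = sid.Translate(typeof(NTAccount)).Value; }
            catch (IdentityNotMappedException) { continue; } // SID with no account name
            // "DOMAIN\A" -> "A": role "A" in AD is role "A" in the RDBMS.
            // Assumption: group names are unique across domains; if not, match the full name.
            string name = account.Substring(account.LastIndexOf('\\') + 1);
            if (store.RoleExists(name) && !found.Contains(name))
                found.Add(name);
        }
        if (found.Count == 0)
            return null; // deny by default: no AD group maps to an application role
        GenericIdentity id = new GenericIdentity(win.Name, "WindowsSSO");
        return new GenericPrincipal(id, found.ToArray());
    }

    public static bool Logon(IRoleStore store)
    {
        GenericPrincipal p = TryCreatePrincipal(store);
        if (p == null) return false;
        Thread.CurrentPrincipal = p; // later checks call IsInRole("A")
        return true;
    }
}
```

The principal built here governs authorization checks inside the client process only; the Web Services keep the X509 brokered authentication described in the question and should not trust role claims sent by the client.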
