
Security Windows Application and Web application

Author
20 Sep 2006 8:32 PM
Lammert
Hi everyone,

I create a Windows application and a web application (.NET 2.0). The
Windows and web applications use the same Business Logic Layer and Data
Access Layer. How can I secure the Windows and web applications with the
same code?

Some specifications:
1. Many users.
2. Many roles.
3. Users can have roles.
4. Some users use Windows authentication and other users a normal
username and password (is this possible?) Maybe there are other
possibilities?
5. The Windows application is also a client application (it works with
.NET Remoting).

What is the best solution? Thanks in advance......

Author
24 Sep 2006 3:12 AM
Joseph Bittman MVP MCSD
Sept. 23, 2006

That isn't exactly easy nor perfectly "sharable" between those
applications.

The closest you could probably get, is to have the Web application be Forms
Authentication... which then means no windows authentication, which means
each user will have to provide a username and password, which you need to
maintain in a secure database.... you could then use the same code to query
the DB and see if the user is authenticated/authorized to logon, which could
be used in both the windows/web applications.... however, just make sure the
communication channels are secure for this information. The web application
would require the user sending the username/password over the internet (or
intranet), which means you'd need something like SSL to protect it from
someone sniffing the wire.

Although the abstraction of the Biz/Data layer is pretty good at being
re-usable between applications..... when you get to security - there are
unavoidable differences between application types... and require each
unique thought and coding.

I hope this helps lead you in the right direction...

--

                       Joseph Bittman
     Microsoft Certified Solution Developer
Microsoft Most Valuable Professional -- DPM

Blog/Web Site: http://CactiDevelopers.ResDev.Net/
"Lammert" <lvi***@hotmail.com> wrote in message
news:1158784372.786073.5950@b28g2000cwb.googlegroups.com...
> Hi everyone,
>
> I create a Windows application and a web application (.NET 2.0). The
> Windows and web applications use the same Business Logic Layer and Data
> Access Layer. How can I secure the Windows and web applications with the
> same code?
>
> Some specifications:
> 1. Many users.
> 2. Many roles.
> 3. Users can have roles.
> 4. Some users use Windows authentication and other users a normal
> username and password (is this possible?) Maybe there are other
> possibilities?
> 5. The Windows application is also a client application (it works with
> .NET Remoting).
>
> What is the best solution? Thanks in advance......
>
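
The shared credential check described in the reply above, as an added C# example that is not part of the original thread: one verification routine returns an `IPrincipal` that either front end can install, so the Business Logic Layer can authorize with `IsInRole` regardless of application type. `SharedAuthenticator`, `UserRecord`, the in-memory dictionary standing in for the user table, and the iteration count are assumptions.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Cryptography;
using System.Security.Principal;

// Hypothetical row shape; a real one is loaded by the Data Access Layer.
public class UserRecord { public byte[] Salt; public byte[] Hash; public string[] Roles; }

// Referenced by both the web application and the Remoting server behind the Windows client.
public static class SharedAuthenticator
{
    const int Iterations = 100000; // assumption: tune to your hardware
    // Constructed in-memory stand-in for the user table.
    static readonly Dictionary<string, UserRecord> Users =
        new Dictionary<string, UserRecord>(StringComparer.OrdinalIgnoreCase);

    // PBKDF2 (HMAC-SHA1 with this constructor), so the table never holds the password itself.
    static byte[] Derive(string password, byte[] salt)
    { return new Rfc2898DeriveBytes(password, salt, Iterations).GetBytes(20); }

    public static void Register(string user, string password, params string[] roles)
    {
        UserRecord r = new UserRecord();
        r.Salt = new byte[16];
        RandomNumberGenerator.Create().GetBytes(r.Salt); // per-user random salt
        r.Hash = Derive(password, r.Salt);
        r.Roles = roles;
        Users[user] = r;
    }

    // Returns a principal carrying the user's roles, or null when the check fails.
    public static IPrincipal Authenticate(string user, string password)
    {
        UserRecord r;
        if (!Users.TryGetValue(user, out r)) return null;
        byte[] candidate = Derive(password, r.Salt);
        int diff = 0; // compare every byte so timing does not reveal where they differ
        for (int i = 0; i < candidate.Length; i++) diff |= candidate[i] ^ r.Hash[i];
        return diff == 0 ? new GenericPrincipal(new GenericIdentity(user, "Custom"), r.Roles) : null;
    }

    public static void Main()
    {
        Register("alice", "constructed-sample-password", "Managers");
        IPrincipal p = Authenticate("alice", "constructed-sample-password");
        // Windows/Remoting host: Thread.CurrentPrincipal = p;  web app: HttpContext.Current.User = p;
        Console.WriteLine(p != null && p.IsInRole("Managers"));
        Console.WriteLine(Authenticate("alice", "wrong") == null);
    }
}
```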