
IsAuthenticated property on IIdentity interface

Author
20 Apr 2005 4:01 PM
Oriane
Hi everybody,

this property is read-only in the interface IIdentity. I suppose it is set
at the creation of the instance, but I cannot find the right constructor ?

Oriane

Author
20 Apr 2005 4:16 PM
Nicole Calinoiu
Each type that implements the interface may implement the logic behind the
property in a different way.  For example,
System.Security.Principal.GenericIdentity will return true for the property
iff the identity name is not an empty string.  What identity type are you
using?


Author
21 Apr 2005 8:45 AM
Oriane
Hi Nicole,

I use the "default" identity type from the Enterprise Library, using a
login/password authentication scheme. It is using GenericIdentity. In that
precise case, the constructor :
new GenericIdentity(namePasswordCredentials.Name, GetAuthenticationType())

I have the feeling that this constructor returns the object with a
"IsAuthenticated" property "set" to "true".


In my application, I want to authenticate users by comparing a
login/password with database values. It's a .NET Windows Form app (not an
ASP.NET one). Should I use the FormsIdentity class or is this class only to
be used for ASP.NET application ?

Thanks

Author
21 Apr 2005 11:08 AM
Nicole Calinoiu
"Oriane" <Ori***@Guermantes.com> wrote in message
news:uO3aO6kRFHA.356@TK2MSFTNGP14.phx.gbl...
> Hi Nicole,
>
> I use the "default" identity type from the Enterprise Library, using a
> login/password authentication scheme. It is using GenericIdentity. In that
> precise case, the constructor :
> new GenericIdentity(namePasswordCredentials.Name, GetAuthenticationType())
>
> I have the feeling that this constructor returns the object with a
> "IsAuthenticated" property "set" to "true".

Yes.  As soon as you specify a non-empty name,
GenericIdentity.IsAuthenticated will return true.  You could still use
GenericIdentity as your IIdentity implementation.  However, if you do, you
shouldn't assign it unless the user is actually authenticated.


> In my application, I want to authenticate users by comparing a
> login/password with database values. It's a .NET Windows Form app (not an
> ASP.NET one). Should I use the FormsIdentity class or is this class only
> to
> be used for ASP.NET application ?

FormsIdentity is almost certainly a worse choice than GenericIdentity for
your scenario.  There are at least a couple of reasons for this:

1. FormsIdentity.IsAuthenticated always returns true, so it's actually
even less flexible than GenericIdentity wrt your desired behaviour.
2. Use of FormsIdentity requires AspNetHostingPermission, which is a wee
bit of a pain to grant to partially trusted non-ASP.NET code.

If you really want a variation of the theme of GenericIdentity that simply
adds construction-time specification of authentication status, why not just
create your own implementation that derives from GenericIdentity?  That
said, I am a wee bit skeptical of what use one might have constructing an
identity object based on the self-declared name of a user before the user is
actually authenticated, but ymmv...


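The two points in the reply above, as an added example that is not code from the thread or from the Enterprise Library: GenericIdentity infers IsAuthenticated from the name alone, so the identity should only be built after the credential check, and a subclass can state the status explicitly. The class and method names, the in-memory credential store, the "Database" label and the PBKDF2 parameters are assumptions made for the illustration.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Cryptography;
using System.Security.Principal;

// A GenericIdentity whose authentication status is stated at construction
// time instead of being inferred from a non-empty name (hypothetical class).
sealed class VerifiedIdentity : GenericIdentity
{
    private readonly bool authenticated;

    public VerifiedIdentity(string name, string authenticationType, bool authenticated)
        : base(name, authenticationType)
    {
        this.authenticated = authenticated;
    }

    public override bool IsAuthenticated
    {
        get { return authenticated; }
    }
}

static class AuthenticateThenCreate
{
    // Constructed stand-in for the credential database: login -> salt + PBKDF2 hash.
    sealed class StoredCredential
    {
        public byte[] Salt;
        public byte[] Hash;
    }

    const int Iterations = 100000;
    const string AuthenticationType = "Database";   // constructed label

    static readonly Dictionary<string, StoredCredential> Users =
        new Dictionary<string, StoredCredential>(StringComparer.OrdinalIgnoreCase);

    static byte[] Derive(string password, byte[] salt)
    {
        using (var kdf = new Rfc2898DeriveBytes(password, salt, Iterations, HashAlgorithmName.SHA256))
        {
            return kdf.GetBytes(32);
        }
    }

    static void Register(string login, string password)
    {
        byte[] salt = new byte[16];
        using (var rng = RandomNumberGenerator.Create())
        {
            rng.GetBytes(salt);
        }
        Users[login] = new StoredCredential { Salt = salt, Hash = Derive(password, salt) };
    }

    // Compares every byte so timing does not reveal where the hashes differ.
    static bool FixedTimeEquals(byte[] a, byte[] b)
    {
        if (a.Length != b.Length) return false;
        int diff = 0;
        for (int i = 0; i < a.Length; i++) diff |= a[i] ^ b[i];
        return diff == 0;
    }

    // The identity is created only after the credentials verify; on any
    // failure the caller gets false and a null identity.
    static bool TryAuthenticate(string login, string password, out IIdentity identity)
    {
        identity = null;
        StoredCredential stored;
        if (string.IsNullOrEmpty(login) || !Users.TryGetValue(login, out stored)) return false;
        if (!FixedTimeEquals(Derive(password, stored.Salt), stored.Hash)) return false;
        identity = new VerifiedIdentity(login, AuthenticationType, true);
        return true;
    }

    static void Main()
    {
        Register("oriane", "correct horse battery");   // constructed sample account

        // Self-declared names: no credential check happened for either object.
        Console.WriteLine("unverified name : {0}", new GenericIdentity("mallory").IsAuthenticated);
        Console.WriteLine("empty name      : {0}", new GenericIdentity("").IsAuthenticated);

        IIdentity identity;
        bool ok = TryAuthenticate("oriane", "wrong password", out identity);
        Console.WriteLine("bad password    : {0}, identity created: {1}", ok, identity != null);

        ok = TryAuthenticate("oriane", "correct horse battery", out identity);
        Console.WriteLine("good password   : {0}, {1} / {2}", ok, identity.Name, identity.IsAuthenticated);

        // The subclass can carry a name while still reporting "not authenticated".
        IIdentity pending = new VerifiedIdentity("oriane", AuthenticationType, false);
        Console.WriteLine("pending login   : {0} / {1}", pending.Name, pending.IsAuthenticated);
    }
}
```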
Author
21 Apr 2005 12:07 PM
Oriane
"Nicole Calinoiu" <calinoiu REMOVETHIS AT gmail DOT com> wrote in message
news:OZOf0TmRFHA.3560@TK2MSFTNGP14.phx.gbl...
[...]

> If you really want a variation of the theme of GenericIdentity that simply
> adds construction-time specification of authentication status, why not just
> create your own implementation that derives from GenericIdentity?
Absolutely.

> That said, I am a wee bit skeptical of what use one might have constructing an
> identity object based on the self-declared name of a user before the user is
> actually authenticated, but ymmv...
I'm not sure I understand what you mean by "before the user is
authenticated". In fact, we use the custom authentication which consists of
checking a couple (login/crypted password) with a "security" database,
before the creation of a GenericIdentity object. If the authentication
fails, the object is not created.

We have to release a V1 of our soft with that simple custom auth. method,
but the final target in the V2 is to use an authentication provider (named
Kheops, I don't know if you have ever heard of ?).

Oriane
Author
21 Apr 2005 1:45 PM
Nicole Calinoiu
"Oriane" <Ori***@Guermantes.com> wrote in message
news:%23RwNqqmRFHA.3296@TK2MSFTNGP15.phx.gbl...
<snip>
> I'm not sure to understand what you mean by "before the user is
> authenticated".

The fact that you want to control the value for the IsAuthenticated property
made me think that you want to have it return false at least some of the
time.  If I'm wrong about this, why isn't GenericIdentity OK for your
purposes?  On the other hand, if my suspicion was correct, under what
circumstances would you want to initialize an identity object for an
unauthenticated user using anything other than a blank name?


> In fact, we use the custom authentication which consists of
> checking a couple (login/crypted password) with a "security" database,
> before the creation of a GenericIdentity object. If the authentication
> fails, the object is not created.

Then why isn't the GenericIdentity.IsAuthenticated behaviour acceptable for
your purposes?


> We have to release a V1 of our soft with that simple custom auth. method,
> but the final target in the V2 is to use an authentication provider (named
> Kheops, I don't know if you have ever heard of ?).

Nope, but I'm not sure that the authentication mechanism is really relevant
here anyway since the identity object would presumably be created after
authentication, regardless of what authentication provider is in place.


Author
21 Apr 2005 2:06 PM
Oriane
"Nicole Calinoiu" <calinoiu REMOVETHIS AT gmail DOT com> wrote in message
news:up78xinRFHA.3076@tk2msftngp13.phx.gbl...
> "Oriane" <Ori***@Guermantes.com> wrote in message
> news:%23RwNqqmRFHA.3296@TK2MSFTNGP15.phx.gbl...
> <snip>
> The fact that you want to control the value for the IsAuthenticated property
> made me think that you want to have it return false at least some of the
> time.
That's what I wanted. Now I think I'm wrong,

> If I'm wrong about this, why isn't GenericIdentity OK for your
> purposes?  On the other hand, if my suspicion was correct, under what
> circumstances would you want to initialize an identity object for an
> unauthenticated user using anything other than a blank name?
I agree.

> > In fact, we use the custom authentication which consists of
> > checking a couple (login/crypted password) with a "security" database,
> > before the creation of a GenericIdentity object. If the authentication
> > fails, the object is not created.
>
> Then why isn't the GenericIdentity.IsAuthenticated behaviour acceptable for
> your purposes?
This behaviour is acceptable to me. I was just wondering if this behaviour
could be improved using a FormsIdentity object. But your answer is clearly
no.

>
> > We have to release a V1 of our soft with that simple custom auth. method,
> > but the final target in the V2 is to use an authentication provider (named
> > Kheops, I don't know if you have ever heard of ?).
>
> Nope, but I'm not sure that the authentication mechanism is really relevant
> here anyway since the identity object would presumably be created after
> authentication, regardless of what authentication provider is in place.
If you are right, how can you explain the following excerpt from the
Enterprise Library source code:


/// <summary>
/// Authentication
/// </summary>
/// <returns></returns>
// Note: credentials and userIdentity are not declared in this excerpt.
bool Authenticate (string username, string password)
{
    bool result = false;
    userIdentity = null;
    NamePasswordCredential namePasswordCredentials = credentials as NamePasswordCredential;
    if (namePasswordCredentials != null && namePasswordCredentials.Name.Length > 0)
    {
        SecurityAuthenticationCheckEvent.Fire(namePasswordCredentials.Name);
        // The password is verified before any identity object exists.
        result = PasswordsMatch(namePasswordCredentials.PasswordBytes, namePasswordCredentials.Name);
        if (result)
        {
            // Only a verified user gets a GenericIdentity.
            userIdentity = new GenericIdentity(namePasswordCredentials.Name, GetAuthenticationType());
        }
        else
        {
            SecurityAuthenticationFailedEvent.Fire(namePasswordCredentials.Name);
        }
    }
    return result;
}

???

Oriane
Author
21 Apr 2005 3:09 PM
Nicole Calinoiu
"Oriane" <Ori***@Guermantes.com> wrote in message
news:uU2LZtnRFHA.1268@TK2MSFTNGP14.phx.gbl...
<snip>
> If you are right, how can you explain the following excerpt from the
> Enterprise Library source code:

In this code, a string identifying the authentication provider is all that's
being passed into the identity object.  It looks like the only place the
Enterprise Library code ever actually ends up using this data is in
Microsoft.Practices.EnterpriseLibrary.Logging.ExtraInformation.ManagedSecurityContextInformationProvider.AuthenticationType.
If you don't use either this property or the identity's AuthenticationType
property as a factor in decisions made in your code (or other applications
that might consume data generated from your application), I doubt that a
change in the string returned by this property is likely to have much
effect.
Author
21 Apr 2005 3:35 PM
Oriane
"Nicole Calinoiu" <calinoiu REMOVETHIS AT gmail DOT com> wrote in message
news:%23v8aCSoRFHA.2788@TK2MSFTNGP09.phx.gbl...
> "Oriane" <Ori***@Guermantes.com> wrote in message
> news:uU2LZtnRFHA.1268@TK2MSFTNGP14.phx.gbl...
> <snip>
>
> In this code, a string identifying the authentication provider is all that's
> being passed into the identity object.  It looks like the only place the
> Enterprise Library code ever actually ends up using this data is in
> Microsoft.Practices.EnterpriseLibrary.Logging.ExtraInformation.ManagedSecurityContextInformationProvider.AuthenticationType.
> If you don't use either this property or the identity's AuthenticationType
> property as a factor in decisions made in your code (or other applications
> that might consume data generated from your application), I doubt that a
> change in the string returned by this property is likely to have much
> effect.
>
I must admit I'm a bit confused.

I don't intend to use the property "AuthenticationType", but I do use the
"name" property for authorization purpose, via the
PrincipalPermissionAttribute (for instance) which uses a Principal object as
a parameter, referencing a GenericIdentity object.

Hence, I need a GenericIdentity object.

So why this authentication mechanism would not be really relevant ?

Sorry if I'm completely irrelevant !!

Oriane
Author
21 Apr 2005 4:31 PM
Nicole Calinoiu
"Oriane" <Ori***@Guermantes.com> wrote in message
news:utlo3eoRFHA.2736@TK2MSFTNGP09.phx.gbl...
<snip>
> I must admit I'm a bit confused.

So am I.  I thought you were concerned about the use of the authentication
type in the following line:

userIdentity = new GenericIdentity(namePasswordCredentials.Name,
GetAuthenticationType());

If not, what is it about the code excerpt that you posted that you think
might cause problems if you switch authentication providers?  Or does your
concern have nothing to do with the planned switch for your v2?


> I don't intend to use the property "AuthenticationType", but I do use the
> "name" property for authorization purpose, via the
> PrincipalPermissionAttribute (for instance) which uses a Principal object
> as
> a parameter, referencing a GenericIdentity object.
>
> Hence, I need a GenericIdentity object.
>
> So why this authentication mechanism would not be really relevant ?

Because the authentication gets done before the identity object gets
created.  If the user cannot be authenticated (regardless of the
authentication provider), the identity object should not be created.  On the
other hand, if the user is successfully authenticated, the work of the
authentication provider is done, and it (at least in theory <g>) should
probably not be relevant to your application once its work is finished.


Author
22 Apr 2005 8:49 AM
Oriane
Hi Nicole,

"Nicole Calinoiu" <calinoiu REMOVETHIS AT gmail DOT com> wrote in message
news:%23T91K$oRFHA.3444@tk2msftngp13.phx.gbl...
> "Oriane" <Ori***@Guermantes.com> wrote in message
> news:utlo3eoRFHA.2736@TK2MSFTNGP09.phx.gbl...
> <snip>
> > I must admit I'm a bit confused.
>
> So am I.  I thought you were concerned about the use of the authentication
> type in the following line:
>
> userIdentity = new GenericIdentity(namePasswordCredentials.Name,
> GetAuthenticationType());
Nope.

> If not, what is it about the code excerpt that you posted that you think
> might cause problems if you switch authentication providers?  Or does your
> concern have nothing to do with the planned switch for your v2?
I give this excerpt to show you that the authentication gets done before the
Identity object gets created.

> > So why this authentication mechanism would not be really relevant ?
>
> Because the authentication gets done before the identity object gets
> created.  If the user cannot be authenticated (regardless of the
> authentication provider), the identity object should not be created.  On the
> other hand, if the user is successfully authenticated, the work of the
> authentication provider is done, and it (at least in theory <g>) should
> probably not be relevant to your application once its work is finished.
The fact is I need (Enterprise Library needs) an Identity reference. Do you
suggest, following William's post, that I could create another
GenericIdentity instance:

GenericIdentity gi = new GenericIdentity(userName, "MyDB");
MessageBox.Show(this, string.Format("Welcome Generic User {0}.", gi.Name));

and use it to create a GenericPrincipal instance ?

If this auth. method is irrelevant, what do you suggest ?

Oriane
Author
22 Apr 2005 10:29 AM
Nicole Calinoiu
"Oriane" <Ori***@Guermantes.com> wrote in message
news:OMiSmgxRFHA.2348@TK2MSFTNGP09.phx.gbl...
> The fact is I need (Enterprise Library needs) an Identity reference.

Even if the user cannot be authenticated?


> Do you
> suggest, following William's post, that I could create another
> GenericIdentity instance:
>
> GenericIdentity gi = new GenericIdentity(userName, "MyDB");
> MessageBox.Show(this, string.Format("Welcome Generic User {0}.",
> gi.Name));
>
> and use it to create a GenericPrincipal instance ?

Why would you do this if EL is already creating one for you?  If there's
something wrong with the one being generated by the EL, could you please
specify exactly what the problem is?


> If this auth. method is irrelevant, what do you suggest ?

By the "authentication mechanism", I mean only the process used to verify
the user-provided credentials against some backing store in order to
determine whether the credentials match those of a legitimate user account.
As long as it's possible for your .NET code to communicate with either a
vendor-supplied authentication library/proxy or the backing store, then an
object that implements the IIdentity interface can be created as a result of
a successful authentication.

As far as suggestions, I'm not sure what you're looking for here.  Is there
some specific technical difficulty that you're encountering now, or are you
worried about how use of the Kheops provider will affect a solution that was
built using the EL?  If the latter, could you please provide some additional
details regarding Kheops (e.g.: vendor name, web site, etc.)?
Author
22 Apr 2005 12:00 PM
Oriane
Hi Nicole,

I'm afraid we have to stop this discussion since it is clear that we don't
understand each other.

To be clear :
1> the EL authentication is addressing my pb
2> the Kheops authentication provider is not my pb so far (not before a few
months). Of course I need to have a flexible pattern which allows me to
change easily the authentication provider. Once again EL is perfect for
that.
3> When I've read this sentence in one of your previous posts:
"Nope, but I'm not sure that the authentication mechanism is really relevant
here anyway since the identity object would presumably be created after
authentication, regardless of what authentication provider is in place",
I've started to wonder why the EL authentication would be irrelevant for my
scenarios (the present one with a database lookup and those to come with
Kheops or another auth provider)
4> Finally, you seem to agree (but I suppose that in fact you have never
disagreed ?) with my/the use of the EL...
so great !!!

Thank you for your posts..

Oriane
Author
22 Apr 2005 12:29 PM
Nicole Calinoiu
"Oriane" <Ori***@Guermantes.com> wrote in message
news:utIquLzRFHA.2384@tk2msftngp13.phx.gbl...
> Hi Nicole,
>
> I'm afraid we have to stop this discussion since it is clear that we don't
> understand each other.

OK.  This will be my last post to this thread unless you respond with any
additional questions.  If you still have any questions or problems on this
issue and would like help from someone else, it might be a good idea to
start a new thread since other folks may assume that your questions have
been answered in this one.


> To be clear :
> 1> the EL authentication is addressing my pb

Unfortunately, I still don't understand why you have a problem with the way
the EL is performing authentication.  You might have better luck getting
help with this if you were to post a specific description and/or example of
the problem you are encountering.


> 2> the Kheops authentication provider is not my pb so far (not before a
> few
> months). Of course I need to have a flexible pattern which allows me to
> change easily the authentication provider. Once again EL is perfect for
> that.

It should be. <g>


> 3> When I've read this sentence in one of your previous posts:
> "Nope, but I'm not sure that the authentication mechanism is really
> relevant
> here anyway since the identity object would presumably be created after
> authentication, regardless of what authentication provider is in place",
> I've started to wonder why the EL authentication would be irrelevant for
> my
> scenarios (the present one with a database lookup and those to come with
> Kheops or another auth provider)

I think this is just a terminology disconnect.  As I tried to explain in my
last message, when I use the term "authentication mechanism", I mean the
actual user credential verification performed by the authentication
provider.  For example, in the case of the DbAuthenticationProvider that
ships with the EL, the "authentication mechanism" is a database lookup.
Different providers will use different mechanisms for this verification, and
the EL helps protect your code from this variability.

In other words, I wasn't saying that "EL authentication would be
irrelevant", but that the underlying credentials verification approach used
by your authentication provider of choice should be irrelevant as long as
you are using the EL.


> 4> Finally, you seem to agree (but I suppose that in fact you have never
> disagreed ?) with my/the use of the EL...
> so great !!!

The EL should most definitely be sufficiently flexible for your needs.


Author
22 Apr 2005 12:41 AM
William Stacey [MVP]
I am a bit confused with what the issue is here.  If you're using a DB lookup,
create and return a GenericIdentity instance or error if lookup is bad.
However, you may also consider just use AD or SAM if you already have the
users configured and forget the DB and just use AD or local accounts (or
maybe even ADAM).  In this case, use something like the WindowsIdentity
method below.  Sample of both methods in the Click method below.  I am also
confused about the ref to Enterprise library as below does not require a
reference to such.  I may be missing something in your requirements.  Let me
know.  Cheers.

// Requires: using System.Security.Principal; using System.Windows.Forms;
private void button22_Click(object sender, System.EventArgs e)
{
    string userName = "joedoe";
    string pw = "password";
    string domain = ".";

    /*
     * WindowsIdentity Method using AD or SAM.
     * See WinLogon Helper class at:
     * http://spaces.msn.com/members/staceyw/Blog/cns!1pnsZpX0fPvDxLKC6rAAhLsQ!283.entry
     */
    WindowsPrincipal wp;
    bool userGood = WinLogon.TryLogonAs(domain, userName, pw, LogonType.Network, out wp);
    if ( ! userGood )
    {
        MessageBox.Show(this, "Logon failed.");
        return;
    }

    MessageBox.Show(this, string.Format("Welcome {0}", wp.Identity.Name));
    // Continue program...

    /*
     * GenericIdentity Method using DB.
     * Authenticate user/pw using DB lookup here.
     * If login fails, return error; otherwise continue on.
     */
    GenericIdentity gi = new GenericIdentity(userName, "MyDB");
    MessageBox.Show(this, string.Format("Welcome Generic User {0}.", gi.Name));
    // Continue program...
}

--
William Stacey, MVP
http://mvp.support.microsoft.com

Author
22 Apr 2005 8:36 AM
Oriane
Hi William,

I think you are confused because I'm a newbie in the security domain, and
I'm not able to clearly explain my goals.

"William Stacey [MVP]" <staceywREM***@mvps.org> wrote in message
news:ed6C0QtRFHA.3732@tk2msftngp13.phx.gbl...
> I am a bit confused with what the issue is here.  If you're using a DB lookup,
> create and return a GenericIdentity instance or error if lookup is bad.
I'm not sure to clearly understand your sentence.
Do you mean : "create and return a Generic instance (or an error) is bad if
using a DB lookup " (that is inappropriate)  ?

I use the Enterprise Library (EL) and I'm "bound" (for the "V1 release"
only) to use a DB lookup authentication. The "database auth. provider" is
just the default provider of the EL, and although it could appear to be
inappropriate to create a GenericIdentity in that precise scenario, it
allows me to change easily for another auth. provider for the "V2".

> However, you may also consider just use AD or SAM if you already have the
> users configured and forget the DB and just use AD or local accounts (or
> maybe even ADAM) .  In this case, use something like the WindowsIdentity
> method below.
Yes that's the point. But I'm not certain to handle Windows accounts in the
future. I will authenticate users with a non Windows auth provider, not
based on AD, neither on ADAM or SAM. So I will create a GenericIdentity, not
a WindowsIdentity.

So the basic question is: do I need to create an "IIdentity" object if I
don't map it with an underlying Windows account ? If not, what is the goal
of the GenericIdentity class ?

I also have to consider future releases of my product which could be used in
an Internet context.

Oriane
Author
23 Apr 2005 1:41 AM
William Stacey [MVP]
No problem.  But did any of my reply help you?  If not, what are you having
problems with?  Cheers.

--
William Stacey, MVP
http://mvp.support.microsoft.com

Author
25 Apr 2005 8:45 AM
Oriane
"William Stacey [MVP]" <staceywREM***@mvps.org> wrote in message news: OlAp9W6RFHA.1***@TK2MSFTNGP14.phx.gbl...
> No problem.  But did any of my reply help you?
Yes
> If not, what are you having problems with?  Cheers.
I thought I had explained my "problem" in the previous post.
So I repeat:
"The basic question is: do I need to create an "IIdentity" object if I don't map it with an underlying Windows account ? "

Cheers
Author
25 Apr 2005 3:20 PM
William Stacey [MVP]
IMO, yes.  You need either a GenericIdentity if doing your own
authentication or a WindowsIdentity if using Windows account.  Then you
can use CLR's role-based security on your methods to allow/disallow access
based on role membership.

--
William Stacey, MVP
http://mvp.support.microsoft.com

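The role-based checks described in the reply above, as an added example that is not code from the thread or from the Enterprise Library. It assumes the .NET Framework, where a PrincipalPermission demand is evaluated against Thread.CurrentPrincipal; the user names, role names and the RoleChecks class are constructed for the illustration.

```csharp
using System;
using System.Security;
using System.Security.Permissions;
using System.Security.Principal;
using System.Threading;

static class RoleChecks
{
    // Runs one demand against one principal and reports whether it passed.
    static bool Passes(IPrincipal principal, PrincipalPermission demand)
    {
        IPrincipal previous = Thread.CurrentPrincipal;
        Thread.CurrentPrincipal = principal;
        try
        {
            demand.Demand();   // throws SecurityException when the principal does not match
            return true;
        }
        catch (SecurityException)
        {
            return false;
        }
        finally
        {
            Thread.CurrentPrincipal = previous;
        }
    }

    static void Main()
    {
        // Constructed principals. In an application each one would be built
        // only after the login/password check has succeeded, because the
        // demands below trust whatever name and roles the principal carries.
        string[] principalLabels = { "oriane [Operators]", "guest [Viewers]", "empty name [Operators]" };
        IPrincipal[] principals =
        {
            new GenericPrincipal(new GenericIdentity("oriane", "Database"), new[] { "Operators" }),
            new GenericPrincipal(new GenericIdentity("guest", "Database"), new[] { "Viewers" }),
            // An empty name makes GenericIdentity report itself as unauthenticated.
            new GenericPrincipal(new GenericIdentity(""), new[] { "Operators" })
        };

        // Imperative equivalents of [PrincipalPermission(SecurityAction.Demand, ...)].
        string[] demandLabels = { "any authenticated user", "role Operators", "oriane in Operators" };
        PrincipalPermission[] demands =
        {
            new PrincipalPermission(null, null),
            new PrincipalPermission(null, "Operators"),
            new PrincipalPermission("oriane", "Operators")
        };

        for (int p = 0; p < principals.Length; p++)
        {
            for (int d = 0; d < demands.Length; d++)
            {
                Console.WriteLine("{0,-24} | {1,-24} | {2}",
                    principalLabels[p], demandLabels[d],
                    Passes(principals[p], demands[d]) ? "granted" : "denied");
            }
        }
    }
}
```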
Author
20 Apr 2005 9:00 PM
swat
There are 4 standard identity classes in .NET based on the IIdentity
interface:
1. GenericIdentity
2. WindowsIdentity
3. FormsIdentity
4. PassportIdentity

Note: You can create your own custom Identity class based on IIdentity.

The identity's standard properties (Name, AuthenticationType,
IsAuthenticated) are filled as soon as the user is authenticated. For
example: If a Windows user logs on, the results of the authentication
would be stored in an instance of WindowsIdentity. The
AuthenticationType would be NTLM, the IsAuthenticated property true,
and the Name a string representing the authentication domain and user
name of the user.