
Security Strategy for both Windows Forms and Web Forms

Author
16 Feb 2006 8:46 PM
thebruce
I need to design a custom security Authentication and Authorization
framework that is unified for both Windows and web applications. A
number of articles, including this one,
http://www.codeguru.com/csharp/csharp/cs_misc/security/article.php/c7415/
detail implementing custom IIdentity and IPrincipal with an SQL
backend.

Will this approach work for web-based applications? If so, what needs
to be persisted in session state and what's the best approach for doing
it?

Thanks,
Bruce Pearson
Kern County Sheriff Dept.

Author
16 Feb 2006 10:34 PM
Dominick Baier [DevelopMentor]
Hi,

You wouldn't use session state - ASP.NET has an AuthenticateRequest event
which is used to create the custom Principal/Identity object and assign it
to Context.User.

This has to be done on every request and you may use caching if the object
creation is expensive - Session is not available yet at this point in request
processing - you use Context.Cache instead.

---------------------------------------
Dominick Baier - DevelopMentor
http://www.leastprivilege.com

> I need to design a custom security Authentication and Authorization
> framework that is unified for both Windows and web applications. A
> number of articles, including this one,
> http://www.codeguru.com/csharp/csharp/cs_misc/security/article.php/c7415/
> detail implementing custom IIdentity and IPrincipal with an SQL
> backend.
> Will this approach work for web-based applications? If so, what needs
> to be persisted in session state and what's the best approach for
> doing it?
>
> Thanks,
> Bruce Pearson
> Kern County Sheriff Dept.
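
The per-request approach described in the reply above, as an added example that is not part of the original thread: the custom principal is rebuilt in AuthenticateRequest, roles are cached in Context.Cache rather than session state, and the result is assigned to Context.User. The names AppPrincipal and LoadRoles, the UserRoles table, the "AppDb" connection string and the 5-minute expiry are assumptions made for illustration.

```csharp
using System;
using System.Collections.Generic;
using System.Configuration;
using System.Data.SqlClient;
using System.Security.Principal;
using System.Web;
using System.Web.Caching;

// Hypothetical principal class, kept in an assembly shared by both front ends.
public sealed class AppPrincipal : IPrincipal
{
    private readonly IIdentity identity;
    private readonly string[] roles;
    public AppPrincipal(IIdentity identity, string[] roles) { this.identity = identity; this.roles = roles; }
    public IIdentity Identity { get { return identity; } }
    public bool IsInRole(string role) { return Array.IndexOf(roles, role) >= 0; }
    // Assumed schema: UserRoles(UserName, RoleName); "AppDb" is an assumed connection string name.
    public static string[] LoadRoles(string userName)
    {
        List<string> found = new List<string>();
        string cs = ConfigurationManager.ConnectionStrings["AppDb"].ConnectionString;
        using (SqlConnection conn = new SqlConnection(cs))
        using (SqlCommand cmd = new SqlCommand("SELECT RoleName FROM UserRoles WHERE UserName = @u", conn))
        {
            cmd.Parameters.AddWithValue("@u", userName);   // parameterized, never concatenated
            conn.Open();
            using (SqlDataReader r = cmd.ExecuteReader())
                while (r.Read()) found.Add(r.GetString(0));
        }
        return found.ToArray();
    }
}

public class Global : HttpApplication
{
    // Fires on every request, before session state is available.
    protected void Application_AuthenticateRequest(object sender, EventArgs e)
    {
        IPrincipal current = Context.User;   // set by the configured authentication module
        if (current == null || !current.Identity.IsAuthenticated) return;
        string key = "roles:" + current.Identity.Name;      // one cache entry per user
        string[] roles = (string[])Context.Cache[key];
        if (roles == null)
        {
            roles = AppPrincipal.LoadRoles(current.Identity.Name);
            // Short absolute expiry bounds how long a revoked role stays effective.
            Context.Cache.Insert(key, roles, null, DateTime.UtcNow.AddMinutes(5), Cache.NoSlidingExpiration);
        }
        Context.User = new AppPrincipal(current.Identity, roles);
    }
}
```

In a Windows Forms client the same AppPrincipal instance would be assigned to Thread.CurrentPrincipal after login, so authorization checks through IsInRole read the same way in both applications.
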
Author
20 Feb 2006 10:29 PM
Henning Krause [MVP]
Hello,

You can use the forms-authentication schema of the ASP.NET Framework. To
include your own authentication scheme you need to implement a method named
FormsAuthentication_OnAuthenticate in your global.asax. This method must
have the following signature:

public void FormsAuthentication_OnAuthenticate(object sender,
FormsAuthenticationEventArgs args)

Look for articles on FormsAuthentication on the net and in the MSDN for more
information.

Greetings,
Henning Krause

"thebruce" <bruce_pear***@hotmail.com> wrote in message
news:1140122808.403672.253960@z14g2000cwz.googlegroups.com...
> I need to design a custom security Authentication and Authorization
> framework that is unified for both Windows and web applications. A
> number of articles, including this one,
> http://www.codeguru.com/csharp/csharp/cs_misc/security/article.php/c7415/
> detail implementing custom IIdentity and IPrincipal with an SQL
> backend.
>
> Will this approach work for web-based applications? If so, what needs
> to be persisted in session state and what's the best approach for doing
> it?
>
> Thanks,
> Bruce Pearson
> Kern County Sheriff Dept.
>