Home | Contact Us | FAQ | Search & Site Map | Link to Us
Sign In | Join | Other 45 Sites in Network
HomeAnnouncementsFree MagazinesWhite PapersSubmit Content
Discussion GroupsASP.NETWindows FormsLanguages.NET FrameworkVisual Studio.NET
Articles.NET FrameworkASP.NETToolsWindows Forms
.NET DirectoryOpen Source ProjectsUser GroupsWeb Resources
Related Topics
Visual Basic 6SQL ServerMS AccessOther DB ProductsMS Server ProductsMore Topics ...
.NET Forum / Languages / C# / August 2007

Tip: Looking for answers? Try searching our database.

Authentication using principals

Thread view: 
Enable EMail Alerts  Start New Thread
Thread rating: 
roundcrisis - 20 Aug 2007 17:15 GMT
Hi there:

I have seen some examples of authentication using principals, this is
for an intranet so a somewhat low level of security is required,
however I woudl like to know the disadvantages of using principals.
Also when I generate the identity for my principal, I use
GenericIdentity, is this ok? is there any obvious reason not to use
this on a production ?

thanks
Reply to this Message
Nicholas Paldino [.NET/C# MVP] - 20 Aug 2007 17:31 GMT
I don't think there are many (if any that I can think of) disadvanges to
using principals.  I rather like the model.  You can use GenericPrincipal if
you want, but it might be better to create a class that implements
IPrincipal or use an exising IPrincipal implementation which would suit your
needs more.  The reason for this is that you have no way of assigning roles
to a user with the GenericPrincipal class.  It's identifying the users in
those roles which makes authorization in .NET work.

   How are you identifying and authorizing the users?  Answering that
question will help determine which IPrincipal implementation you should use.

Signature

         - Nicholas Paldino [.NET/C# MVP]
         - mvp@spam.guard.caspershouse.com

> Hi there:
>
[quoted text clipped - 6 lines]
>
> thanks
Reply to this Message
roundcrisis - 21 Aug 2007 08:56 GMT
hi:

Thanks for your answer, I ander below

>     I don't think there are many (if any that I can think of) disadvanges to
> using principals.  I rather like the model.  You can use GenericPrincipal if
> you want, but it might be better to create a class that implements
> IPrincipal or use an exising IPrincipal implementation which would suit your
> needs more.

well i m using a class that implements Iprincipal but to actually
generate the identity i use genericIdentity
I m not using roles at the moment, so i initialize the class with new
string[0] = "default"; which really doesnt convince me
I might have to add roles  in the near fututre, any suggestions?

The reason for this is that you have no way of assigning roles
> to a user with the GenericPrincipal class.  It's identifying the users in
> those roles which makes authorization in .NET work.
>
>     How are you identifying and authorizing the users?  Answering that
> question will help determine which IPrincipal implementation you should use.

I use another existing class to do the actual validation and then
generate the principal, but this is something that works, however I m
not convinced of the actual
correctnes of the implementation,

> --
>           - Nicholas Paldino [.NET/C# MVP]
[quoted text clipped - 12 lines]
>
> - Show quoted text -
Reply to this Message
roundcrisis - 22 Aug 2007 08:57 GMT
> hi:
>
[quoted text clipped - 50 lines]
>
> - Show quoted text -

bp
Reply to this Message

Free Magazines

Get these publications absolutely FREE for up to 12 months. There are no hidden fees and no obligation. Simply choose a title, complete the application form and submit it. Read more ...

Oracle MagazineNetwork ComputingComputer WorldBio-IT WorldeWeekInformation WeekInfosecurity
 
Sign In
Join
My Latest Posts
My Monitored Threads
My Blog
My Photo Gallery
My Profile
My Homepage
Start New Thread
Enable EMail Alerts
Rate this Thread



©2008 Advenet LLC   Privacy Policy - Terms of Use
This website includes both content owned or controlled by Advenet as well as content owned or controlled by third parties.